On April 16, 2013 6:41, George Francis <gfranc...@gmail.com> wrote:
> I presume it worked up until the SMTP protocol started.
> It confirms that the certificate I got was self-signed, but then seems 
> to proceed without issue, so
> unfortunately I'm still no wiser as to why my client gets 
> "SSLHandshakeException: Received fatal alert: unknown_ca"

No, cosign will not work unless all certificates in the certificate 
chain for the central weblogin server can be verified.

Download the intermediate and root certificates used to sign the central 
weblogin server certificate.  Put these in a directory and hash them, 
using c_rehash, cacertdir_rehash, or "for i in * ; do ln -s $i `openssl 
x509 -hash -noout -in $i`.0 ; done".  Then try "openssl s_client" again, 
giving a "-CApath" argument pointing at the directory where you have the 
certificates installed.  If openssl gives any warnings about the 
certificates, you still have a problem.

Once you have things working with "openssl s_client", import the root 
and intermediate CA certs into your Java keystore.

Everything above also applies to the root and intermediate CA 
certificates used to sign the cert that your local cosign module uses to 
prove its identity to the central weblogin server; with the additional 
caveat that the CA used to sign your local cert must be a CA that is 
trusted by the administrators of the central weblogin server -- contact 
them, and they can give you a list of the CAs they have chosen to trust 
for this purpose.

--
   Mark Montague
   m...@catseye.org
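
The check described in the message above, as an added example that is not part of the original post or of the cosign project: it builds a constructed root, intermediate and server certificate (every name and the temporary directory are assumptions), hashes them the way the loop in the message does, and shows that verification against a -CApath directory succeeds only when the intermediate is installed as well as the root.

```sh
#!/bin/sh
# Added example with constructed data: a throwaway root -> intermediate ->
# server chain (all names made up), checked against a hashed CA directory.
set -eu

new_csr() {      # $1 = file prefix, $2 = subject CN; writes $1.key and $1.csr
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

make_chain() {   # $1 = work dir; writes root.pem, inter.pem, server.pem there
  w=$1
  printf 'basicConstraints=critical,CA:TRUE\n' > "$w/ca.ext"
  new_csr "$w/root" "Example Root CA"
  openssl x509 -req -in "$w/root.csr" -signkey "$w/root.key" \
    -extfile "$w/ca.ext" -days 2 -out "$w/root.pem" 2>/dev/null
  new_csr "$w/inter" "Example Intermediate CA"
  openssl x509 -req -in "$w/inter.csr" -CA "$w/root.pem" -CAkey "$w/root.key" \
    -CAcreateserial -extfile "$w/ca.ext" -days 2 -out "$w/inter.pem" 2>/dev/null
  new_csr "$w/server" "weblogin.example.org"
  openssl x509 -req -in "$w/server.csr" -CA "$w/inter.pem" -CAkey "$w/inter.key" \
    -CAcreateserial -days 2 -out "$w/server.pem" 2>/dev/null
}

hash_into() {    # $1 = CA directory, remaining args = PEM certs to install
  cadir=$1; shift
  mkdir -p "$cadir"
  for cert in "$@"; do
    cp "$cert" "$cadir/"
    h=$(openssl x509 -hash -noout -in "$cert")
    ln -sf "$(basename "$cert")" "$cadir/$h.0"   # OpenSSL looks up <hash>.0
  done
}

chain_ok() {     # $1 = CA directory, $2 = cert to check; prints OK or FAIL
  openssl verify -CApath "$1" "$2" 2>&1 | grep -q ': OK$' && echo OK || echo FAIL
}

demo() {         # root-only directory vs. directory holding the whole chain
  t=$(mktemp -d)
  make_chain "$t"
  hash_into "$t/root_only" "$t/root.pem"
  hash_into "$t/full" "$t/root.pem" "$t/inter.pem"
  echo "root_only=$(chain_ok "$t/root_only" "$t/server.pem")" \
       "full=$(chain_ok "$t/full" "$t/server.pem")"
  rm -rf "$t"
}

demo
```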


_______________________________________________
Cosign-discuss mailing list
Cosign-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cosign-discuss