Re: [Cosign-discuss] Cloned Server: cn=login & host=login-dev don't match!

Fri, 13 Dec 2013 09:56:38 -0800

On December 12, 2013 at 20:07 , Brian Arthur <brianpatrickart...@gmail.com> wrote:
Thank you for the information. Can you direct me to any documentation on how to replace the certificate used by cosignd to match my new common name? I'm guessing this is located under /etc/cosign/certs as the first couple lines of cosign.conf are: 

set cosigncadir /etc/cosign/certs/ca/
set cosigncert /etc/cosign/certs/cgi.crt
set cosignkey /etc/cosign/certs/cgi.key
set cosigntmpldir /var/www/html/login-templates

cgi login-dev.example.com <http://login-dev.example.com>
Should I be looking here: http://webapps.itcs.umich.edu/cosign/index.php/Cosign_Wiki:Test_install_HOWTO#Certificates_generation but replace "cgi-1" with login-dev.example.com <http://login-dev.example.com>
The instructions at that URL are fine as a starting point, but you'd have to change the entire subject in the commands listed there, not just the CN portion of the subject. 

The best advice I can give you is:
1. Get a certificate with the proper CN in the same way you would get any X.509 certificate for use with any service (web, LDAP, SMTP, IMAP, etc.). How you do this will depend on if you have your own CA or are using a commercial CA, as well as the details of your environment; but it is not special to cosign in any way.
2. Install the new certificate and its key in the cosigncert and cosignkey files above. (Make backup copies of the old ones just in case).
3. If you changed your CA when doing this, make sure you put any root and intermediate certificates for the CA into the cosigncadir directory and generate appropriate hash symlinks.
4. Restart cosignd and your central weblogin server web server service so that both of them "see" the new certificate. 

I hope this helps.

--
  Mark Montague
  m...@catseye.org


------------------------------------------------------------------------------
Rapidly troubleshoot problems before they affect your business. Most IT 
organizations don't have a clear picture of how application performance 
affects their revenue. With AppDynamics, you get 100% visibility into your 
Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro!
http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk
_______________________________________________
Cosign-discuss mailing list
Cosign-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cosign-discuss

Reply via email to