[Cosign-discuss] El Capitan support

Mon, 18 Jul 2016 17:36:30 -0700 

I had mod_cosign working fine with Mac OS X Yosemite Server, but after upgrade 
to El Capitan I’m seeing ssl errors with certificate validation. The certs are 
all valid because they worked under the previous OS. 


Initially I saw these five error messages:
[Sun Jul 17 16:35:32.090667 2016] [:error] [pid 13173] mod_cosign: 
snet_starttls: error:14090086:SSL 
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
[Sun Jul 17 16:35:32.111515 2016] [:error] [pid 13173] mod_cosign: 
snet_starttls: error:14090086:SSL 
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
[Sun Jul 17 16:35:32.133292 2016] [:error] [pid 13173] mod_cosign: 
snet_starttls: error:14090086:SSL 
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
[Sun Jul 17 16:35:32.152370 2016] [:error] [pid 13173] mod_cosign: 
snet_starttls: error:14090086:SSL 
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
[Sun Jul 17 16:35:32.152474 2016] [:error] [pid 13173] mod_cosign: 
cosign_cookie_valid: Unable to connect to any Cosign server.


After adding my CosignHostName server to my /etc/hosts file there are only two 
error messages:

[Sun Jul 17 16:37:44.480698 2016] [:error] [pid 13264] mod_cosign: 
snet_starttls: error:14090086:SSL 
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
[Sun Jul 17 16:37:44.480810 2016] [:error] [pid 13264] mod_cosign: 
cosign_cookie_valid: Unable to connect to any Cosign server.

It seems like maybe some security feature in El Capitan is blocking Cosign from 
doing DNS lookups. I cannot determine what other name is being looked up by 
Cosign. I tried adding all the server names that might appear in any of my 
certificates to no avail.

Any ideas of how to fix this?

--Andrew

===================================================
Andrew J. Miller
Programmer/Analyst
Department of Engineering Science & Mechanics
Pennsylvania State University
212 Earth and Engineering Sciences Building
University Park, PA 16802
===================================================


------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev
_______________________________________________
Cosign-discuss mailing list
Cosign-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cosign-discuss

Reply via email to