I had mod_cosign working fine with Mac OS X Yosemite Server, but after upgrade
to El Capitan I’m seeing ssl errors with certificate validation. The certs are
all valid because they worked under the previous OS.
Initially I saw these five error messages:
[Sun Jul 17 16:35:32.090667 2016] [:error] [pid 13173] mod_cosign:
snet_starttls: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
[Sun Jul 17 16:35:32.111515 2016] [:error] [pid 13173] mod_cosign:
snet_starttls: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
[Sun Jul 17 16:35:32.133292 2016] [:error] [pid 13173] mod_cosign:
snet_starttls: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
[Sun Jul 17 16:35:32.152370 2016] [:error] [pid 13173] mod_cosign:
snet_starttls: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
[Sun Jul 17 16:35:32.152474 2016] [:error] [pid 13173] mod_cosign:
cosign_cookie_valid: Unable to connect to any Cosign server.
After adding my CosignHostName server to my /etc/hosts file there are only two
error messages:
[Sun Jul 17 16:37:44.480698 2016] [:error] [pid 13264] mod_cosign:
snet_starttls: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
[Sun Jul 17 16:37:44.480810 2016] [:error] [pid 13264] mod_cosign:
cosign_cookie_valid: Unable to connect to any Cosign server.
It seems like maybe some security feature in El Capitan is blocking Cosign from
doing DNS lookups. I cannot determine what other name is being looked up by
Cosign. I tried adding all the server names that might appear in any of my
certificates to no avail.
Any ideas of how to fix this?
--Andrew
===================================================
Andrew J. Miller
Programmer/Analyst
Department of Engineering Science & Mechanics
Pennsylvania State University
212 Earth and Engineering Sciences Building
University Park, PA 16802
===================================================
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev
_______________________________________________
Cosign-discuss mailing list
Cosign-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cosign-discuss