No, SHA-256. --Andrew
> On Jul 18, 2016, at 8:53 PM, Jorj Bauer <j...@temple.edu> wrote: > > I would guess it's that your server cert is SHA/1, and El Capitan refuses to > let you use it. > > -- Jorj > > Sent from my iPhone > > On Jul 18, 2016, at 11:12, Andrew Miller <ajmil...@engr.psu.edu> wrote: > >> I had mod_cosign working fine with Mac OS X Yosemite Server, but after >> upgrade to El Capitan I’m seeing ssl errors with certificate validation. The >> certs are all valid because they worked under the previous OS. >> >> >> Initially I saw these five error messages: >> [Sun Jul 17 16:35:32.090667 2016] [:error] [pid 13173] mod_cosign: >> snet_starttls: error:14090086:SSL >> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed >> [Sun Jul 17 16:35:32.111515 2016] [:error] [pid 13173] mod_cosign: >> snet_starttls: error:14090086:SSL >> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed >> [Sun Jul 17 16:35:32.133292 2016] [:error] [pid 13173] mod_cosign: >> snet_starttls: error:14090086:SSL >> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed >> [Sun Jul 17 16:35:32.152370 2016] [:error] [pid 13173] mod_cosign: >> snet_starttls: error:14090086:SSL >> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed >> [Sun Jul 17 16:35:32.152474 2016] [:error] [pid 13173] mod_cosign: >> cosign_cookie_valid: Unable to connect to any Cosign server. >> >> >> After adding my CosignHostName server to my /etc/hosts file there are only >> two error messages: >> >> [Sun Jul 17 16:37:44.480698 2016] [:error] [pid 13264] mod_cosign: >> snet_starttls: error:14090086:SSL >> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed >> [Sun Jul 17 16:37:44.480810 2016] [:error] [pid 13264] mod_cosign: >> cosign_cookie_valid: Unable to connect to any Cosign server. >> >> It seems like maybe some security feature in El Capitan is blocking Cosign >> from doing DNS lookups. I cannot determine what other name is being looked >> up by Cosign. I tried adding all the server names that might appear in any >> of my certificates to no avail. >> >> Any ideas of how to fix this? >> >> --Andrew >> >> =================================================== >> Andrew J. Miller >> Programmer/Analyst >> Department of Engineering Science & Mechanics >> Pennsylvania State University >> 212 Earth and Engineering Sciences Building >> University Park, PA 16802 >> =================================================== >> >> ------------------------------------------------------------------------------ >> What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic >> patterns at an interface-level. Reveals which users, apps, and protocols are >> consuming the most bandwidth. Provides multi-vendor support for NetFlow, >> J-Flow, sFlow and other flows. Make informed decisions using capacity >> planning >> reports.http://sdm.link/zohodev2dev >> _______________________________________________ >> Cosign-discuss mailing list >> Cosign-discuss@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/cosign-discuss ------------------------------------------------------------------------------ What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports.http://sdm.link/zohodev2dev _______________________________________________ Cosign-discuss mailing list Cosign-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/cosign-discuss
