I would guess it's that your server cert is SHA/1, and El Capitan refuses to
let you use it.
-- Jorj
Sent from my iPhone
> On Jul 18, 2016, at 11:12, Andrew Miller <ajmil...@engr.psu.edu> wrote:
>
> I had mod_cosign working fine with Mac OS X Yosemite Server, but after
> upgrade to El Capitan I’m seeing ssl errors with certificate validation. The
> certs are all valid because they worked under the previous OS.
>
>
> Initially I saw these five error messages:
> [Sun Jul 17 16:35:32.090667 2016] [:error] [pid 13173] mod_cosign:
> snet_starttls: error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> [Sun Jul 17 16:35:32.111515 2016] [:error] [pid 13173] mod_cosign:
> snet_starttls: error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> [Sun Jul 17 16:35:32.133292 2016] [:error] [pid 13173] mod_cosign:
> snet_starttls: error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> [Sun Jul 17 16:35:32.152370 2016] [:error] [pid 13173] mod_cosign:
> snet_starttls: error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> [Sun Jul 17 16:35:32.152474 2016] [:error] [pid 13173] mod_cosign:
> cosign_cookie_valid: Unable to connect to any Cosign server.
>
>
> After adding my CosignHostName server to my /etc/hosts file there are only
> two error messages:
>
> [Sun Jul 17 16:37:44.480698 2016] [:error] [pid 13264] mod_cosign:
> snet_starttls: error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> [Sun Jul 17 16:37:44.480810 2016] [:error] [pid 13264] mod_cosign:
> cosign_cookie_valid: Unable to connect to any Cosign server.
>
> It seems like maybe some security feature in El Capitan is blocking Cosign
> from doing DNS lookups. I cannot determine what other name is being looked up
> by Cosign. I tried adding all the server names that might appear in any of my
> certificates to no avail.
>
> Any ideas of how to fix this?
>
> --Andrew
>
> ===================================================
> Andrew J. Miller
> Programmer/Analyst
> Department of Engineering Science & Mechanics
> Pennsylvania State University
> 212 Earth and Engineering Sciences Building
> University Park, PA 16802
> ===================================================
>
> ------------------------------------------------------------------------------
> What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
> patterns at an interface-level. Reveals which users, apps, and protocols are
> consuming the most bandwidth. Provides multi-vendor support for NetFlow,
> J-Flow, sFlow and other flows. Make informed decisions using capacity planning
> reports.http://sdm.link/zohodev2dev
> _______________________________________________
> Cosign-discuss mailing list
> Cosign-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/cosign-discuss
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev
_______________________________________________
Cosign-discuss mailing list
Cosign-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cosign-discuss