In that case, what's the output of

openssl s_client -connect cosign-test.example.com:6663 \
    -cert /etc/apache/certs/cosign-test.cert \
    -key /etc/apache/certs/cosign-test.key \
    -CApath /var/cosign/certs/CA \
    -showcerts -state -debug -crlf -starttls smtp

... with appropriate paths and hostnames, of course. :)



On 7/18/16 9:03 PM, Andrew Miller wrote:
> No, SHA-256.
>
> --Andrew
>
>> On Jul 18, 2016, at 8:53 PM, Jorj Bauer <j...@temple.edu> wrote:
>>
>> I would guess it's that your server cert is SHA/1, and El Capitan refuses to 
>> let you use it.
>>
>> -- Jorj
>>
>> Sent from my iPhone
>>
>> On Jul 18, 2016, at 11:12, Andrew Miller <ajmil...@engr.psu.edu> wrote:
>>
>>> I had mod_cosign working fine with Mac OS X Yosemite Server, but after 
>>> upgrade to El Capitan I’m seeing ssl errors with certificate validation. 
>>> The certs are all valid because they worked under the previous OS.
>>>
>>>
>>> Initially I saw these five error messages:
>>> [Sun Jul 17 16:35:32.090667 2016] [:error] [pid 13173] mod_cosign: snet_starttls: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>>> [Sun Jul 17 16:35:32.111515 2016] [:error] [pid 13173] mod_cosign: snet_starttls: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>>> [Sun Jul 17 16:35:32.133292 2016] [:error] [pid 13173] mod_cosign: snet_starttls: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>>> [Sun Jul 17 16:35:32.152370 2016] [:error] [pid 13173] mod_cosign: snet_starttls: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>>> [Sun Jul 17 16:35:32.152474 2016] [:error] [pid 13173] mod_cosign: cosign_cookie_valid: Unable to connect to any Cosign server.
>>>
>>>
>>> After adding my CosignHostName server to my /etc/hosts file there are only 
>>> two error messages:
>>>
>>> [Sun Jul 17 16:37:44.480698 2016] [:error] [pid 13264] mod_cosign: snet_starttls: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>>> [Sun Jul 17 16:37:44.480810 2016] [:error] [pid 13264] mod_cosign: cosign_cookie_valid: Unable to connect to any Cosign server.
>>>
>>> It seems like maybe some security feature in El Capitan is blocking Cosign 
>>> from doing DNS lookups. I cannot determine what other name is being looked 
>>> up by Cosign. I tried adding all the server names that might appear in any 
>>> of my certificates to no avail.
>>>
>>> Any ideas of how to fix this?
>>>
>>> --Andrew
>>>
>>> ===================================================
>>> Andrew J. Miller
>>> Programmer/Analyst
>>> Department of Engineering Science & Mechanics
>>> Pennsylvania State University
>>> 212 Earth and Engineering Sciences Building
>>> University Park, PA 16802
>>> ===================================================
>>>
>>> _______________________________________________
>>> Cosign-discuss mailing list
>>> Cosign-discuss@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/cosign-discuss
>
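
The two checks raised in this thread, the certificate's signature algorithm and whether it verifies against a -CApath directory, as an added example that is not part of the original messages. The CA and server certificate are constructed test data in a temporary directory, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example. All certificates are constructed test data in a temp dir.

# Build a throwaway CA (in $1/CA) and a server cert signed by it.
make_test_pki() {
    mkdir -p "$1/CA"
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$1/ca.key" -out "$1/CA/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=cosign-test.example.com" \
        -keyout "$1/srv.key" -out "$1/srv.csr" 2>/dev/null
    openssl x509 -req -sha256 -days 1 -set_serial 2 -in "$1/srv.csr" \
        -CA "$1/CA/ca.pem" -CAkey "$1/ca.key" -out "$1/srv.pem" 2>/dev/null
}

# Print the certificate's signature algorithm, e.g. sha256WithRSAEncryption.
cert_sigalg() {
    openssl x509 -in "$1" -noout -text |
        sed -n '/Signature Algorithm:/{s/^.*Signature Algorithm: *//p;q;}'
}

# -CApath only finds CA files named <subject-hash>.N, so link each PEM under
# that name (what c_rehash does; hash collisions are ignored here).
hash_ca_dir() {
    for f in "$1"/*.pem; do
        h=$(openssl x509 -in "$f" -noout -hash) || return 1
        ln -sf "$(basename "$f")" "$1/$h.0"
    done
}

# Succeed only if the cert chains to a CA found through the hashed directory.
verify_with_capath() {
    openssl verify -CApath "$1" "$2" 2>&1 | grep -q ': OK$'
}

demo() {
    d=$(mktemp -d) || return 1
    make_test_pki "$d" || return 1
    echo "signature algorithm: $(cert_sigalg "$d/srv.pem")"
    verify_with_capath "$d/CA" "$d/srv.pem" && r=OK || r="verify failed"
    echo "CApath before hashing: $r"
    hash_ca_dir "$d/CA"
    verify_with_capath "$d/CA" "$d/srv.pem" && r=OK || r="verify failed"
    echo "CApath after hashing:  $r"
    rm -rf "$d"
}
demo
```

Against real files, `cert_sigalg` and `verify_with_capath` take the same certificate and CA directory paths passed to `-cert` and `-CApath` in the s_client command.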
