I’ve run that command a few times and I don’t see any ssl connection errors in the output.
> On Jul 19, 2016, at 6:18 AM, Jorj Bauer <j...@temple.edu> wrote: > > In that case, what's the output of > > openssl s_client -connect cosign-test.example.com:6663 -cert > /etc/apache/certs/cosign-test.cert -key /etc/apache/certs/cosign-test.key > -CApath /var/cosign/certs/CA -showcerts -state -debug -crlf -starttls smtp > > ... with appropriate paths and hostnames, of course. :) > > > > On 7/18/16 9:03 PM, Andrew Miller wrote: >> No, SHA-256. >> >> --Andrew >> >>> On Jul 18, 2016, at 8:53 PM, Jorj Bauer <j...@temple.edu> wrote: >>> >>> I would guess it's that your server cert is SHA/1, and El Capitan refuses >>> to let you use it. >>> >>> -- Jorj >>> >>> Sent from my iPhone >>> >>> On Jul 18, 2016, at 11:12, Andrew Miller <ajmil...@engr.psu.edu> wrote: >>> >>>> I had mod_cosign working fine with Mac OS X Yosemite Server, but after >>>> upgrade to El Capitan I’m seeing ssl errors with certificate validation. >>>> The certs are all valid because they worked under the previous OS. >>>> >>>> >>>> Initially I saw these five error messages: >>>> [Sun Jul 17 16:35:32.090667 2016] [:error] [pid 13173] mod_cosign: >>>> snet_starttls: error:14090086:SSL >>>> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed >>>> [Sun Jul 17 16:35:32.111515 2016] [:error] [pid 13173] mod_cosign: >>>> snet_starttls: error:14090086:SSL >>>> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed >>>> [Sun Jul 17 16:35:32.133292 2016] [:error] [pid 13173] mod_cosign: >>>> snet_starttls: error:14090086:SSL >>>> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed >>>> [Sun Jul 17 16:35:32.152370 2016] [:error] [pid 13173] mod_cosign: >>>> snet_starttls: error:14090086:SSL >>>> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed >>>> [Sun Jul 17 16:35:32.152474 2016] [:error] [pid 13173] mod_cosign: >>>> cosign_cookie_valid: Unable to connect to any Cosign server. >>>> >>>> >>>> After adding my CosignHostName server to my /etc/hosts file there are only >>>> two error messages: >>>> >>>> [Sun Jul 17 16:37:44.480698 2016] [:error] [pid 13264] mod_cosign: >>>> snet_starttls: error:14090086:SSL >>>> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed >>>> [Sun Jul 17 16:37:44.480810 2016] [:error] [pid 13264] mod_cosign: >>>> cosign_cookie_valid: Unable to connect to any Cosign server. >>>> >>>> It seems like maybe some security feature in El Capitan is blocking Cosign >>>> from doing DNS lookups. I cannot determine what other name is being looked >>>> up by Cosign. I tried adding all the server names that might appear in any >>>> of my certificates to no avail. >>>> >>>> Any ideas of how to fix this? >>>> >>>> --Andrew >>>> >>>> =================================================== >>>> Andrew J. Miller >>>> Programmer/Analyst >>>> Department of Engineering Science & Mechanics >>>> Pennsylvania State University >>>> 212 Earth and Engineering Sciences Building >>>> University Park, PA 16802 >>>> =================================================== >>>> >>>> ------------------------------------------------------------------------------ >>>> What NetFlow Analyzer can do for you? Monitors network bandwidth and >>>> traffic >>>> patterns at an interface-level. Reveals which users, apps, and protocols >>>> are >>>> consuming the most bandwidth. Provides multi-vendor support for NetFlow, >>>> J-Flow, sFlow and other flows. Make informed decisions using capacity >>>> planning >>>> reports.http://sdm.link/zohodev2dev >>>> _______________________________________________ >>>> Cosign-discuss mailing list >>>> Cosign-discuss@lists.sourceforge.net >>>> https://lists.sourceforge.net/lists/listinfo/cosign-discuss >> > ------------------------------------------------------------------------------ What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports.http://sdm.link/zohodev2dev _______________________________________________ Cosign-discuss mailing list Cosign-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/cosign-discuss
