Re: Webkdc certificate verify failed

Wed, 07 Nov 2012 13:08:30 -0800 

I changed $URL=https://webkdc.example.com/webkdc-service/ to $URL=
https://localhost/webkdc-service/ and there is something new :

[Wed Nov 07 22:03:45 2012] [notice] mod_webkdc: event=getTokens
from=192.168.0.182
server=krb5:webauth/lavardin.example.com@example.comuser=krb5:webauth/
lavardin.example....@example.com type=service
[Wed Nov 07 22:03:45 2012] [warn] FastCGI: (dynamic) server
"/usr/local/webkdc/share/weblogin/login.fcgi" (uid 0, gid 0) started (pid
11582)
[Wed Nov 07 22:03:45 2012] [error] [client 192.168.0.182] FastCGI: server
"/usr/local/webkdc/share/weblogin/login.fcgi" stderr: post failed
[Wed Nov 07 22:03:45 2012] [error] [client 192.168.0.182] FastCGI: server
"/usr/local/webkdc/share/weblogin/login.fcgi" stderr: 500 Can't connect to
localhost:443 (certificate verify failed)
[Wed Nov 07 22:03:45 2012] [error] [client 192.168.0.182] FastCGI: server
"/usr/local/webkdc/share/weblogin/login.fcgi" stderr: Content-Type:
text/plain
[Wed Nov 07 22:03:45 2012] [error] [client 192.168.0.182] FastCGI: server
"/usr/local/webkdc/share/weblogin/login.fcgi" stderr: Client-Date: Wed, 07
Nov 2012 21:03:45 GMT
[Wed Nov 07 22:03:45 2012] [error] [client 192.168.0.182] FastCGI: server
"/usr/local/webkdc/share/weblogin/login.fcgi" stderr: Client-Warning:
Internal response
[Wed Nov 07 22:03:45 2012] [error] [client 192.168.0.182] FastCGI: server
"/usr/local/webkdc/share/weblogin/login.fcgi" stderr: Can't connect to
localhost:443 (certificate verify failed)



2012/11/7 Russ Allbery <ea...@windlord.stanford.edu>

> James James <jre...@gmail.com> writes:
>
> > my /etc/webkdc/webkdc.conf look like this :
>
> > # The KEYRING_PATH should match what you put in your httpd config
> > $KEYRING_PATH = "/etc/httpd/conf/webkdc/keyring";
> > $URL = "https://webkdc.example.com/webkdc-service/";;
>
> Normally, this should be https://localhost/webkdc-service/.  Do you really
> want to run the WebKDC on a different host than the WebLogin service?  If
> so, you'll need to configure the SSL certificate used by Perl LWP.  You
> can do that by setting $ENV{PERL_LWP_SSL_CA_FILE} in the configuration
> file to the path to the CA certificate used by the WebKDC.  But usually
> it's easier to just use localhost here, which is already special-cased.
>
> --
> Russ Allbery <ea...@windlord.stanford.edu>
> Technical Lead, ITS Infrastructure Delivery Group, Stanford University
>






















					Reply via email to