SSL cert errors using mod_auth_cas
Smith, Matt
matt.smith at uconn.edu
Wed Aug 1 17:13:17 EDT 2007
Paul-
Did c_rehash properly create the hash symlinks in that directory?
Generally, I put my CA certs in OpenSSL's default CA directory (usually /etc/ssl/certs), with a "pem" extension, and run c_rehash with no parameters. Then, for good measure, I restart apache. But, I have never done this with a chain cert.
Also, could you supply a bit more info for troubleshooting:
What OS and platform?
What version of Apache?
And could you try to set "CASValidateServer off", just to make sure things work without validation?
Hopefully Phil (this mod_auth_cas author) can comment on how well chain certs are handled -- though, I don't think that is something we've tested yet.
Thanks,
-Matt
-----Original Message-----
From: cas-bounces at tp.its.yale.edu on behalf of Paul Ortman
Sent: Wed 2007-08-01 15:51
To: Yale CAS mailing list
Subject: Re: SSL cert errors using mod_auth_cas
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Smith, Matt wrote:
> Try running this:
>
> c_rehash /etc/apache2/ssl/trusted_keys
>
> This should create two hash symlinks in that directory. These hash
> symlinks are used by the openssl libs to locate the proper certs.
Sadly, that made no difference. Thanks for the tip thought. I'm out of
ideas...
- --
Paul Ortman
PGP Key: 55602C81
- --
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGsORRfw8KGlVgLIERAlCdAJsExRBcoeCRIRxC9B+RwptZBLBHdwCff+q4
D1tCKenkeuI+G2kZ4eOL/64=
=/VdJ
-----END PGP SIGNATURE-----
_______________________________________________
Yale CAS mailing list
cas at tp.its.yale.edu
http://tp.its.yale.edu/mailman/listinfo/cas
More information about the cas
mailing list