[pubcookie-users] index.cgi 500 Internal Server Error
Nathan Dors
dors at cac.washington.edu
Fri Feb 4 13:11:29 PST 2005
Did you successfully run keyclient to generate a new DES key for
the login server, i.e. by running the keyclient on
microcline.usg.tufts.edu, for microcline.usg.tufts.edu, resulting
in a key in /usr/local/pubcookie/keys/microcline.usg.tufts.edu?
I only ask because of the strange keyserver messages in your log
file.
Also, is /usr/local/apache/conf/ssl.crt/bossie.crt the cert issued
by the Bossie CA from the supervillain.csr (and corresponding with
supervillain.key)?
Also, what does this command output:
openssl rsa -check -noout -in /usr/local/apache/conf/ssl.key/supervillain.key
-Nathan
On Fri, 4 Feb 2005, elena ryazanova wrote:
> Hi,
> I have problems with pubcookie (3.2.0) initial installation.
> When I open index.cgi in a browser I am getting 500 Internal Server Error.
>
> From /var/log/authlog:
> ...............
> Feb 4 15:03:16 microcline.usg.tufts.edu keyserver[13884]: [ID 702911
> auth.error] REQ=GET https://microcline.usg.tufts.edu:2222?genk
> ey=setpkey&setkey=-----BEGIN CERTIFICATE-----
> Feb 4 15:03:16 microcline.usg.tufts.edu
> MIICnjCCAgegAwIBAgICBFgwDQYJKoZIhvcNAQEEBQAwgakxCzAJBgNVBAYTAlVT
> ...
> Feb 4 15:03:16 microcline.usg.tufts.edu 0WVt59WdyEPRY4 ?No ---END
> CERTIFICATE-----!?
> Feb 4 15:03:30 microcline.usg.tufts.edu pubcookie login server[13894]: [ID
> 702911 auth.error] security_init: couldn't find session
> keyfile (try setting ssl_key_file?)
> Feb 4 15:03:30 microcline.usg.tufts.edu pubcookie login server[13894]: [ID
> 702911 auth.error] security_init failed
> ............
> My pubcookie config file:
> # 1 is a good starting point
> logging_level: 3
>
> # the credential verifier used by the basic flavor
> basic_verifier: alwaystrue
>
> # SSL session keypair
> ssl_key_file: /usr/local/apache/conf/ssl.key/supervillain.key
> ssl_cert_file: /usr/local/apache/conf/ssl.crt/bossie.crt
> ssl_ca_file: /usr/local/apache/conf/ssl.crt/ca-bundle.crt
>
> # granting keypair
> granting_key_file: /usr/local/pubcookie/keys/granting_supervillain.key
> granting_cert_file: /usr/local/pubcookie/keys/granting_bossie.crt
>
> # login server config
> login_uri: https://microcline.usg.tufts.edu/
> login_host: microcline.usg.tufts.edu
> enterprise_domain: .tufts.edu
> logout_prog: /logout/index.cgi
>
> # keyserver config
> keymgt_uri: https://microcline.usg.tufts.edu:2222
> keyserver_client_list: microcline.usg.tufts.edu trusted.example.edu
> ssl_ca_file: /usr/local/apache/conf/ssl.crt/ca-bundle.crt
>
>
> Test certificates are obtained from
> https://bossie.doit.wisc.edu:3443/cert/i2server/csr. 1024 bit key file
> generated following instructions for shibboleth identity provider:
>
> openssl genrsa -out supervillain.key 1024
> openssl req -new -key supervillain.key -out supervillain.csr
>
> openssl verify -CAfile /usr/local/apache/conf/ssl.crt/ca-bundle.crt -verbose
> keys/granting_bossie.crt
> keys/granting_bossie.crt: OK
>
> I tried 2048 bit key first, results are the same as with 1024.
>
>
> I would appreciate any help.
> Thank you,
>
> --
> Elena Ryazanova
> System Administrator
> Tufts Computing and Communication Services
> Phone: (617)627-5118
> Email: Elena.Ryazanova at Tufts.Edu
>
>
More information about the pubcookie-users
mailing list