Shibboleth Developers

["RL 'Bob' Morgan" <>]

On Thu, 29 May 2003 

 wrote:

> With a LOT of help from Walter, I added a new KeyAuthority element to
> my sites.xml file. I basically copied the existing entry for shib2,
> and made a new explicit entry for my origin host.
>
> After  restarting the SHAR, I was able to successfully use my origin......

Yup, worked the same way for me.

> so, the problem would seem to be with cert chain validation on the
> target side.....

The error line from shar.log (new_session validate getX509Store: error
code: 185057381 in x509_lu.c, line 336) points to something in openssl's
X509_STORE_add_cert(), which is called from shib's XMLTrust.cpp.  So
something going wrong in adding certs to the certstore ...

 - RL "Bob"


------------------------------------------------------mace-shib-design-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at 

    http://archives.internet2.edu/

------------------------------------------------------mace-shib-design--