shibboleth-dev - RE: change to tests in the shib IdP Install checklist.....
Subject: Shibboleth Developers
List archive
- From:
- To: "Scott Cantor" <>, <>
- Subject: RE: change to tests in the shib IdP Install checklist.....
- Date: Tue, 28 Dec 2004 17:01:53 -0500
At 4:11 PM -0500 12/28/04, Scott Cantor wrote:
> I was thinking of suggesting that people type something like this to
make sure that they've correctly configured the SSL support into
apache:
curl -L --key "../shibboleth.key" --cert "../shibboleth.crt" --cacert
"../shibboleth.crt" https://stc-linux.cis.brown.edu:8443/jsp-examples
I don't think this will work if the certificate isn't self-signed. I would
think you either need to have the actual CA in that file, or you'd need to
use -k to just disable the check.
If it works, I need to look at the code because I couldn't get my code to
work that way without overriding more of openssl than libcurl does.
you're right -- when I tested this earlier today, the shib instance on this box was configured for a bilateral trust arrangement.
however, I'm presuming that if I pointed the --cacert parm at the ca-bundle file being used by mod_ssl, this should work?
(Note: I'm not sure why the -L is needed, but this doesn't seem to
work for me without it....)
-L just says to follow redirects. It should work either way, but you're
getting back an empty body with a Location header. I would use -I instead
and just invoke a HEAD request. You could also pass the command to dump the
server response headers, don't recall what it is. But that's shorter output.
thanks for the hints!
- change to tests in the shib IdP Install checklist....., Steven_Carmody, 12/28/2004
- RE: change to tests in the shib IdP Install checklist....., Scott Cantor, 12/28/2004
- RE: change to tests in the shib IdP Install checklist....., Steven_Carmody, 12/28/2004
- RE: change to tests in the shib IdP Install checklist....., Scott Cantor, 12/28/2004
- RE: change to tests in the shib IdP Install checklist....., Steven_Carmody, 12/28/2004
- RE: change to tests in the shib IdP Install checklist....., Scott Cantor, 12/28/2004
Archive powered by MHonArc 2.6.16.