shibboleth-dev - RE: change to tests in the shib IdP Install checklist.....

Subject: Shibboleth Developers

  • From:
  • To: "Scott Cantor" <>, <>
  • Subject: RE: change to tests in the shib IdP Install checklist.....
  • Date: Tue, 28 Dec 2004 17:01:53 -0500

At 4:11 PM -0500 12/28/04, Scott Cantor wrote:
>> I was thinking of suggesting that people type something like this to
>> make sure that they've correctly configured the SSL support into
>> apache:
>>
>> curl -L --key "../shibboleth.key" --cert "../shibboleth.crt" --cacert "../shibboleth.crt" https://stc-linux.cis.brown.edu:8443/jsp-examples
>
> I don't think this will work if the certificate isn't self-signed. I would
> think you either need to have the actual CA in that file, or you'd need to
> use -k to just disable the check.
>
> If it works, I need to look at the code because I couldn't get my code to
> work that way without overriding more of openssl than libcurl does.

You're right -- when I tested this earlier today, the shib instance on this box was configured for a bilateral trust arrangement.

However, I'm presuming that if I pointed the --cacert parm at the ca-bundle file being used by mod_ssl, this should work?


>> (Note: I'm not sure why the -L is needed, but this doesn't seem to
>> work for me without it....)
>
> -L just says to follow redirects. It should work either way, but you're
> getting back an empty body with a Location header. I would use -I instead
> and just invoke a HEAD request. You could also pass the command to dump the
> server response headers, don't recall what it is. But that's shorter output.


Thanks for the hints!
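
Added example (not part of the original messages): an offline check of the point discussed above, using `openssl verify -CAfile` as a stand-in for the trust file that `--cacert` supplies. All file names, subject names and function names are constructed for the demo, and it shows OpenSSL's default chain building; a TLS client configured to accept partial chains can behave differently.

```shell
#!/bin/sh
# Added example; all file names, CNs and function names are constructed.

# verify_with CAFILE CERT: succeed only if CERT chains to a certificate in
# CAFILE under OpenSSL's default chain building (no partial chains).
verify_with() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# make_demo_certs DIR: write throwaway test certificates into DIR.
make_demo_certs() {
    dir=$1
    # Case 1: self-signed server certificate (bilateral-trust style setup).
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=selfsigned.example.test" \
        -keyout "$dir/self.key" -out "$dir/self.crt" 2>/dev/null &&
    # Case 2: a demo CA plus a server certificate issued by that CA.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Demo CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=issued.example.test" \
        -keyout "$dir/issued.key" -out "$dir/issued.csr" 2>/dev/null &&
    openssl x509 -req -in "$dir/issued.csr" -days 1 \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/issued.crt" 2>/dev/null
}

# report LABEL CAFILE CERT: print whether CERT verifies against CAFILE.
report() {
    if verify_with "$2" "$3"; then echo "$1: verifies"; else echo "$1: FAILS"; fi
}

demo() {
    d=$(mktemp -d) && make_demo_certs "$d" || return 1
    report "self-signed cert used as its own CA file" "$d/self.crt" "$d/self.crt"
    report "CA-issued cert used as its own CA file" "$d/issued.crt" "$d/issued.crt"
    report "CA-issued cert with the issuing CA as CA file" "$d/ca.crt" "$d/issued.crt"
    rm -rf "$d"
}

demo
```

The middle case is the one the thread warns about: a certificate issued by a CA is not a trust anchor for itself, so the trust file has to contain the issuing CA (for example the bundle the server side already uses).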


