Rlm_perl plugin certificate verify failed

Question
#1

Hi There,

I get the following error when enabling SSL Check: privacyIDEA request
failed: 500 Can’t connect to privacyidea.changed.ch:443 (certificate verify
failed)

i got an officially signed Comodo Positive SSL Wildcard Certificate but as
soon as i set SSL_Check to true i get the above error.

Any clue or tips as to why my certificate is not being accepted?

Server: Ubuntu 14.04
Privacyidea: Version: 2.12.1-1trusty

rlm_perl.ini:
[Default]
URL = https://privacyidea.changed.ch/validate/check
#REALM = someRealm
#RESCONF = someResolver
SSL_CHECK = true
#DEBUG = true

#2

Nevermind, i got it!
Had to put in the intermediate certificate on certificatechainfile.in
apache2.
SSLCertificateChainFile
/etc/ssl/certs/COMODORSADomainValidationSecureServerCA.crtOn Wednesday, June 15, 2016 at 12:15:47 PM UTC+2, jmdeking wrote:

Hi There,

I get the following error when enabling SSL Check: privacyIDEA request
failed: 500 Can’t connect to privacyidea.changed.ch:443
http://privacyidea.changed.ch:443 (certificate verify failed)

i got an officially signed Comodo Positive SSL Wildcard Certificate but
as soon as i set SSL_Check to true i get the above error.

Any clue or tips as to why my certificate is not being accepted?

Server: Ubuntu 14.04
Privacyidea: Version: 2.12.1-1trusty

rlm_perl.ini:
[Default]
URL = https://privacyidea.changed.ch/validate/check
#REALM = someRealm
#RESCONF = someResolver
SSL_CHECK = true
#DEBUG = true

#3

Hi,

thanks a lot for sharing your solution.

Kind regards
CorneliusAm Mittwoch, den 15.06.2016, 03:27 -0700 schrieb jmdeking:

Nevermind, i got it!

Had to put in the intermediate certificate on certificatechainfile.in
apache2.

SSLCertificateChainFile /etc/ssl/certs/COMODORSADomainValidationSecureServerCA.crt

On Wednesday, June 15, 2016 at 12:15:47 PM UTC+2, jmdeking wrote:
Hi There,

    I get the following error when enabling SSL Check: privacyIDEA
    request failed: 500 Can't connect to
    privacyidea.changed.ch:443 (certificate verify failed)
    
    
    i got an officially signed Comodo Positive SSL Wildcard
    Certificate  but as soon as i set SSL_Check to true i get the
    above error.
    
    
    Any clue or tips as to why my certificate is not being
    accepted?
    
    
    Server: Ubuntu 14.04
    Privacyidea: Version: 2.12.1-1trusty
    
    
    rlm_perl.ini:
    [Default]
    URL = https://privacyidea.changed.ch/validate/check
    #REALM = someRealm
    #RESCONF = someResolver
    SSL_CHECK = true
    #DEBUG = true


Please read the blog post about getting help
https://www.privacyidea.org/getting-help/.

For professional services and consultancy regarding two factor
authentication please visit
https://netknights.it/en/leistungen/one-time-services/

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
https://netknights.it/en/leistungen/service-level-agreements/

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/f8b4dc01-1778-420c-962d-877defe20b32%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
@cornelinux
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

signature.asc (836 Bytes)