After notification from the MN that the server side certificate has been installed, verify that it is working correctly.
#3 Updated by Chris Jones over 9 years ago
When connecting to dataone-test.pop.umn.edu over SSL, the connection outside of a browser fails:
openssl s_client -connect dataone-test.pop.umn.edu:443 -CAfile addtrustexternalcaroot.crt
0 s:/C=US/postalCode=55455/ST=MN/L=Minneapolis/street=100 Union Street SE/O=University of Minnesota/OU=College of Liberal Arts/CN=dataone-test.pop.umn.edu
i:/C=US/O=Internet2/OU=InCommon/CN=InCommon Server CA¶
Verify return code: 21 (unable to verify the first certificate)
Note that only one certificate is returned in the chain. This usually means that Apache SSL directives are not configured completely. The server needs to return both the server certificate, and the intermediate CA certificates that sign the server certificate up to, and potentially including, the root certificate.
Fabio needs to download the intermediate chain file from the InCommon CA provider, and install that in Apache, then restart Apache.