OpenSSLErrors

The Shibboleth V1 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only.

OpenSSL is a toolkit that Shibboleth uses to perform most of its cryptography in providing mutual authentication of providers and secure channels for communication. Notoriously confusing error messages from OpenSSL may appear in Apache and various Shibboleth logs as a result of misconfiguration. A few commonly encountered SSL errors and possible causes are compiled here.

Always check first to ensure that there is only one version of OpenSSL being used by Apache, the various dependencies of Shibboleth, and Shibboleth itself. OpenSSL doesn't version itself properly, which causes the Linux community to in turn version it according to their own whims, all of which results in dependent code loading versions that ordinarily they wouldn't even see. Mix versions from different packagers and you get total chaos. Windows installations are worse, with old OpenSSL installations (or packages that include SSL libraries, like PHP) often contaminating system32.
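One way to run this check on Linux is to compare the `libssl` and `libcrypto` paths that `ldd` resolves for each binary and module involved. This is an added example, not part of the Shibboleth documentation; the module names, paths and `ldd` output in the sample are constructed.

```shell
#!/bin/sh
# Added example: flag binaries that resolve different OpenSSL libraries.
# Run ldd only against your own trusted server binaries and modules.

# Emit "binary soname resolved-path" for every libssl/libcrypto dependency
# found in ldd output read from stdin. $1 names the binary being described.
openssl_deps() {
    awk -v bin="$1" \
        '$1 ~ /^lib(ssl|crypto)\.so/ && $2 == "=>" { print bin, $1, $3 }'
}

# Read openssl_deps records on stdin. For each family (libssl, libcrypto)
# that resolves to more than one distinct path, list who loads what.
# Exit status is 1 when a conflict exists, 0 otherwise.
report_conflicts() {
    awk '
        { fam = $2; sub(/\.so.*/, "", fam)
          key = fam SUBSEP $3
          if (!(key in seen)) { seen[key] = 1; count[fam]++ }
          rows[fam] = rows[fam] "  " $1 " -> " $3 " (" $2 ")\n" }
        END { for (f in count) if (count[f] > 1) {
                  printf "CONFLICT %s:\n%s", f, rows[f]; bad = 1 }
              exit bad + 0 }'
}

# Run ldd against each binary or module given as an argument.
scan_binaries() {
    for b in "$@"; do ldd "$b" 2>/dev/null | openssl_deps "$b"; done
}

# Constructed ldd output for two hypothetical modules (not real captures).
sample_records() {
    printf '\tlibssl.so.0.9.7 => /usr/lib/libssl.so.0.9.7 (0x00110000)\n\tlibcrypto.so.0.9.7 => /usr/lib/libcrypto.so.0.9.7 (0x00220000)\n' |
        openssl_deps mod_ssl.so
    printf '\tlibssl.so.0.9.8 => /opt/shib/lib/libssl.so.0.9.8 (0x00330000)\n\tlibcrypto.so.0.9.7 => /usr/lib/libcrypto.so.0.9.7 (0x00440000)\n' |
        openssl_deps mod_shib.so
}

# With arguments, scan those binaries; without, use the constructed sample.
if [ "$#" -gt 0 ]; then scan_binaries "$@"; else sample_records; fi |
    report_conflicts || echo "Mixed OpenSSL libraries detected."
```

Pass it the Apache binary, its SSL module and the Shibboleth module and daemon from your own installation. `ldd` resolves libraries using the current shell's environment, so run it with the same library search path the server processes use.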

  • SSL: couldn't set callback

  • ERROR shibtarget.ShibHTTPHook [2] sessionGet: caught a SAML exception while attaching credentials to request: Unable to attach private key to SSL context

  • ERROR shibtarget.SessionCache [2] sessionGet: caught SAML exception during SAML attribute query: SOAPHTTPBindingProvider::send() failed while contacting SAML responder: error signaled by ssl ctx callback : SSLCtxCallbackError

  • ERROR OpenSSL [6004] sessionNew: path validation failure: unable to get local issuer certificate

  • error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate

  • ERROR OpenSSL [0] sessionNew: error code: 151429224 in pem_lib.c