[AG-DEV] AG3 VenueManagement can't connect

Todd Zimmerman toddz at sfu.ca
Wed Feb 22 01:31:27 CST 2006


Was this problem ever resolved??

I'm running into the same issue - trying to connect with a valid service certificate from either the
local machine or a remote machine.

VenueManagement.log reports:
sslerror: (1, 'error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca'

The server is running on a RHEL4 box so there may be some oddities - but the server seems to be
stable and will accept connections.

Any info would help - thx!

Todd


Thomas D. Uram wrote:
> Ok, I haven't been able to reproduce the problem, but Eric has seen this
> problem.
> We'll get back to you today with a fix.
> 
> Tom
> 
> 
> On 1/21/06 3:07 AM, Christoph Willing wrote:
>>
>> On 21/01/2006, at 6:53 AM, Thomas D. Uram wrote:
>>
>>> Chris:
>>>
>>> This line occurs repeatedly:
>>>
>>> sslerror: (1, 'error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 
>>> alert unknown ca')
>>>
>>> Do you have the appropriate CA certs in the cert repository?
>>
>>
>> Tom,
>>
>> I have:
>> ag at v2:~$ ls -l /etc/AccessGrid3/Config/CAcertificates/
>> total 32
>> -rw-r--r--  1 ag ag 1436 2004-04-20 08:00 1c3f2ca8.0
>> -rw-r--r--  1 ag ag 2276 2004-05-07 04:51 1c3f2ca8.signing_policy
>> -rw-r--r--  1 ag ag  904 2004-03-26 00:25 45cc9e80.0
>> -rw-r--r--  1 ag ag 1334 2004-03-26 00:25 45cc9e80.signing_policy
>> -rw-r--r--  1 ag ag 1448 2004-04-20 08:00 d1b603c3.0
>> -rw-r--r--  1 ag ag 2263 2004-03-26 00:25 d1b603c3.signing_policy
>> -rw-r--r--  1 ag ag 1334 2004-09-06 15:26 f18fa857.0
>> -rw-r--r--  1 ag ag  571 2004-09-06 15:26 f18fa857.signing_policy
>>
>>
>>> I'm ignoring the 'connection refused' errors, because I expect 
>>> either the server wasn't
>>> running, or was running on a different network interface.
>>
>>
>> The venue server was running; there's only one network interface on 
>> the machine.
>>
>>
>> chris
>>
>>
>>
>>>
>>> On 1/20/06 2:37 PM, Christoph Willing wrote:
>>>
>>>> On 21/01/2006, at 3:03 AM, Thomas D. Uram wrote:
>>>>
>>>>> Is there mention of the default certificate in VenueManagement.log?
>>>>> If details there aren't clear, I'd sure be interested to see the log.
>>>>
>>>> Tom,
>>>> A log of yesterday's attempts is attached. It includes attempts
>>>> with server running secure mode then insecure mode, although I
>>>> don't know if that's evident from the log. It also shows the
>>>> different server names used (localhost & fqdn).
>>>> The default certificate is mentioned a few times (at each start up
>>>> I guess). Since VenueServer and VenueManagement are running on the
>>>> same machine, each is using the same default cert, which mostly
>>>> happens to be a server certificate, although you'll see near the
>>>> end that I also tried using an Anonymous User cert too.
>>>> chris
>>>>
>>>>> On 1/19/06 10:25 PM, Christoph Willing wrote:
>>>>>
>>>>>> On 20/01/2006, at 2:01 PM, Thomas D. Uram wrote:
>>>>>>
>>>>>>> Is your default certificate an identity certificate (i.e., does
>>>>>>> it require a passphrase?).
>>>>>>> That's not being handled currently. If so, try using a
>>>>>>> service certificate instead.
>>>>>>> If not, something's wrong.
>>>>>>
>>>>>>
>>>>>> Tom,
>>>>>> It's a VenueServer certificate, borrowed from another machine,
>>>>>> and same result using an anonymous certificate.
>>>>>> ag at v2:~$ certmgr.py
>>>>>> (ID mode) > list
>>>>>> 1. (Default) /O=Access Grid/OU=agdev-ca.mcs.anl.gov/ 
>>>>>> CN=VenueServer/ seivers.vislab.uq.edu.au
>>>>>> 2. /O=Access Grid/O=Argonne National Laboratory/OU=Futures Lab   
>>>>>> Anonymous Authority/CN=Anonymous User  
>>>>>> 486c88f05354caa6e542b09b19cdee01
>>>>>> (ID mode) > show 1
>>>>>> Subject:  /O=Access Grid/OU=agdev-ca.mcs.anl.gov/ CN=VenueServer/ 
>>>>>> seivers.vislab.uq.edu.au
>>>>>> Issuer:  /O=Access Grid/OU=agdev-ca.mcs.anl.gov/CN=Access Grid   
>>>>>> Developers CA
>>>>>> Certificate version: 2
>>>>>> Serial number: 5778
>>>>>> Not valid before: 03/18/05 01:41:35
>>>>>> Not valid after: 03/18/06 01:41:35
>>>>>> MD5 Fingerprint: 2A:81:9C:98:C2:76:09:1F:6C:E9:3E:47:B7:99:65:65
>>>>>> Certificate location: /home/ag/.AccessGrid3/Config/certRepo/  
>>>>>> certificates/9c833de531fe7da7cff5bbfeaaf770fc/  
>>>>>> 1c291311d25c9e1f2a79b98047ad6fec/cert.pem
>>>>>> Private key location: /home/ag/.AccessGrid3/Config/certRepo/  
>>>>>> privatekeys/2f30fa4ccf0c09b08e4b9050829bc33b.pem
>>>>>>
>>>>>>> On 1/19/06 7:30 PM, Christoph Willing wrote:
>>>>>>>
>>>>>>>> Working with a packaged AG3, I can run the VenueServer and
>>>>>>>> connect to it with a VenueClient. However I can't connect to
>>>>>>>> it with the VenueManagement tool. Trying to connect (from
>>>>>>>> same machine) with:
>>>>>>>>     https://localhost/VenueServer
>>>>>>>> or    https://v2.vislab.uq.edu.au/VenueServer
>>>>>>>> both immediately result in a "Unable To Connect" popup msg
>>>>>>>> box saying:
>>>>>>>>     You were unable to connect to the venue server at:
>>>>>>>>     https://v2.vislab.uq.edu.au/VenueServer.
>>>>>>>> The VenueServer.log doesn't mention anything about a
>>>>>>>> connection attempt in such cases.
>>>>>>>> If I then add a :8000 to the url, the following error is added
>>>>>>>> to VenueServer.log:
>>>>>>>> 01/20/06 11:27:29 -1273504848 Hosting     ServiceContainer.py: 
>>>>>>>> 146   ERROR None
>>>>>>>> Traceback (most recent call last):
>>>>>>>>   File "/usr/lib/python2.4/site-packages/M2Crypto/SSL/  
>>>>>>>> SSLServer.py",  line 29, in handle_request
>>>>>>>>     request, client_address = self.get_request()
>>>>>>>>   File "/usr/lib/python2.4/SocketServer.py", line 373, in  
>>>>>>>> get_request
>>>>>>>>     return self.socket.accept()
>>>>>>>>   File "/usr/lib/python2.4/site-packages/M2Crypto/SSL/   
>>>>>>>> Connection.py", line 114, in accept
>>>>>>>>     ssl.accept_ssl()
>>>>>>>>   File "/usr/lib/python2.4/site-packages/M2Crypto/SSL/   
>>>>>>>> Connection.py", line 103, in accept_ssl
>>>>>>>>     return m2.ssl_accept(self.ssl)
>>>>>>>> SSLError: no certificate returned
>>
>>
>>
>>
>> Christoph Willing                           +61 7 3365 8350
>> QPSF Access Grid Manager
>> University of Queensland
>>
>>
>>
>>
> 
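
Added example, not part of the original thread and not Access Grid code: one way to check the "appropriate CA certs" question quoted above is to hash the issuer of the certificate being presented and look for a file of that name (as in the 1c3f2ca8.0 style listing) in the CA directory of the peer that has to verify it. The function names, temporary paths and the throwaway CA and service certificate are constructed for illustration; it assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example: look up a certificate's issuer in a hashed CA directory.

# Print the CA file matching CERT's issuer and return 0; return 1 if absent.
issuer_in_cadir() {
    cert=$1; cadir=$2
    # Try the current hash and the pre-1.0.0 OpenSSL hash: a directory
    # populated years ago may still carry the old-style file names.
    for opt in -issuer_hash -issuer_hash_old; do
        h=$(openssl x509 -noout "$opt" -in "$cert" 2>/dev/null) || continue
        for f in "$cadir/$h".[0-9]*; do
            if [ -f "$f" ]; then echo "$f"; return 0; fi
        done
    done
    return 1
}

# Copy CA certificate CA into CADIR under its subject-hash name (<hash>.0).
install_ca() {
    ca=$1; cadir=$2; hopt=${3:--subject_hash}
    h=$(openssl x509 -noout "$hopt" -in "$ca") || return 1
    cp "$ca" "$cadir/$h.0"
}

# Build constructed sample data in DIR: a throwaway CA, a certificate it
# signs, and an empty CA directory. Nothing here comes from the thread.
make_demo() {
    d=$1; mkdir -p "$d/cadir"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/O=Constructed/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/O=Constructed/CN=demo-service" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/leaf.pem" 2>/dev/null
}

tmp=$(mktemp -d)
make_demo "$tmp"
issuer_in_cadir "$tmp/leaf.pem" "$tmp/cadir" ||
    echo "issuer CA not in directory: chain cannot be built"
install_ca "$tmp/ca.pem" "$tmp/cadir"
issuer_in_cadir "$tmp/leaf.pem" "$tmp/cadir"
rm -rf "$tmp"
```

Run against real files, the first argument is the certificate the client or service presents and the second is the verifying side's CA directory; a miss under both hash styles means that directory lacks the issuing CA.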



