[AG-DEV] AG3 VenueManagement can't connect

Thomas D. Uram turam at mcs.anl.gov
Wed Feb 22 01:54:40 CST 2006


I believe it was resolved before beta1.  Which code are you running?  Can you
provide more of VenueManagement.log?




On 2/22/06 1:31 AM, Todd Zimmerman wrote:
> Was this problem ever resolved??
> 
> I'm running into the same issue - trying to connect with a valid service certificate from either the
> local machine or a remote machine.
> 
> VenueManagement.log reports:
> sslerror: (1, 'error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca'
> 
> The server is running on a RHEL4 box so there may be some oddities - but the server seems to be
> stable and will accept connections.
> 
> Any info would help - thx!
> 
> Todd
> 
> 
> Thomas D. Uram wrote:
>> Ok, I haven't been able to reproduce the problem, but Eric has seen this
>> problem.
>> We'll get back to you today with a fix.
>>
>> Tom
>>
>>
>> On 1/21/06 3:07 AM, Christoph Willing wrote:
>>> On 21/01/2006, at 6:53 AM, Thomas D. Uram wrote:
>>>
>>>> Chris:
>>>>
>>>> This line occurs repeatedly:
>>>>
>>>> sslerror: (1, 'error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca')
>>>>
>>>> Do you have the appropriate CA certs in the cert repository?
>>>
>>> Tom,
>>>
>>> I have:
>>> ag at v2:~$ ls -l /etc/AccessGrid3/Config/CAcertificates/
>>> total 32
>>> -rw-r--r--  1 ag ag 1436 2004-04-20 08:00 1c3f2ca8.0
>>> -rw-r--r--  1 ag ag 2276 2004-05-07 04:51 1c3f2ca8.signing_policy
>>> -rw-r--r--  1 ag ag  904 2004-03-26 00:25 45cc9e80.0
>>> -rw-r--r--  1 ag ag 1334 2004-03-26 00:25 45cc9e80.signing_policy
>>> -rw-r--r--  1 ag ag 1448 2004-04-20 08:00 d1b603c3.0
>>> -rw-r--r--  1 ag ag 2263 2004-03-26 00:25 d1b603c3.signing_policy
>>> -rw-r--r--  1 ag ag 1334 2004-09-06 15:26 f18fa857.0
>>> -rw-r--r--  1 ag ag  571 2004-09-06 15:26 f18fa857.signing_policy
>>>
>>>
>>>> I'm ignoring the 'connection refused' errors, because I expect 
>>>> either the server wasn't
>>>> running, or was running on a different network interface.
>>>
>>> The venue server was running; there's only one network interface on 
>>> the machine.
>>>
>>>
>>> chris
>>>
>>>
>>>
>>>> On 1/20/06 2:37 PM, Christoph Willing wrote:
>>>>
>>>>> On 21/01/2006, at 3:03 AM, Thomas D. Uram wrote:
>>>>>
>>>>>> Is there mention of the default certificate in VenueManagement.log?
>>>>>> If details there aren't clear, I'd sure be interested to see the  log.
>>>>> Tom,
>>>>> A log of yesterday's attempts is attached. It includes attempts with
>>>>> server running secure mode then insecure mode, although I don't know
>>>>> if that's evident from the log. It also shows the different server
>>>>> names used (localhost & fqdn).
>>>>> The default certificate is mentioned a few times (at each start up I
>>>>> guess). Since VenueServer and VenueManagement are running on the same
>>>>> machine, each is using the same default cert, which mostly happens to
>>>>> be a server certificate, although you'll see near the end that I also
>>>>> tried using an Anonymous User cert too.
>>>>> chris
>>>>>
>>>>>> On 1/19/06 10:25 PM, Christoph Willing wrote:
>>>>>>
>>>>>>> On 20/01/2006, at 2:01 PM, Thomas D. Uram wrote:
>>>>>>>
>>>>>>>> Is your default certificate an identity certificate (i.e.,  does 
>>>>>>>> it  require a passphrase?).
>>>>>>>> That's not being handled currently.  If so, try using a 
>>>>>>>> service   certificate instead.
>>>>>>>> If not, something's wrong.
>>>>>>>
>>>>>>> Tom,
>>>>>>> It's a VenueServer certificate, borrowed from another machine, and
>>>>>>> same result using an anonymous certificate.
>>>>>>> ag at v2:~$ certmgr.py
>>>>>>> (ID mode) > list
>>>>>>> 1. (Default) /O=Access Grid/OU=agdev-ca.mcs.anl.gov/ 
>>>>>>> CN=VenueServer/ seivers.vislab.uq.edu.au
>>>>>>> 2. /O=Access Grid/O=Argonne National Laboratory/OU=Futures Lab   
>>>>>>> Anonymous Authority/CN=Anonymous User  
>>>>>>> 486c88f05354caa6e542b09b19cdee01
>>>>>>> (ID mode) > show 1
>>>>>>> Subject:  /O=Access Grid/OU=agdev-ca.mcs.anl.gov/ CN=VenueServer/ 
>>>>>>> seivers.vislab.uq.edu.au
>>>>>>> Issuer:  /O=Access Grid/OU=agdev-ca.mcs.anl.gov/CN=Access Grid   
>>>>>>> Developers CA
>>>>>>> Certificate version: 2
>>>>>>> Serial number: 5778
>>>>>>> Not valid before: 03/18/05 01:41:35
>>>>>>> Not valid after: 03/18/06 01:41:35
>>>>>>> MD5 Fingerprint: 2A:81:9C:98:C2:76:09:1F:6C:E9:3E:47:B7:99:65:65
>>>>>>> Certificate location: /home/ag/.AccessGrid3/Config/certRepo/certificates/9c833de531fe7da7cff5bbfeaaf770fc/1c291311d25c9e1f2a79b98047ad6fec/cert.pem
>>>>>>> Private key location: /home/ag/.AccessGrid3/Config/certRepo/privatekeys/2f30fa4ccf0c09b08e4b9050829bc33b.pem
>>>>>>>
>>>>>>>> On 1/19/06 7:30 PM, Christoph Willing wrote:
>>>>>>>>
>>>>>>>>> Working with a packaged AG3, I can run the VenueServer and  
>>>>>>>>> connect  to  it with a VenueClient. However I can't connect  to 
>>>>>>>>> it with the   VenueManagement tool. Trying to connect  (from
>>>>>>>>> same  machine) with:
>>>>>>>>>     https://localhost/VenueServer
>>>>>>>>> or    https://v2.vislab.uq.edu.au/VenueServer
>>>>>>>>> both immediately result in a "Unable To Connect" popup msg 
>>>>>>>>> box   saying:
>>>>>>>>>     You were unable to connect to the venue server at:
>>>>>>>>>     https://v2.vislab.uq.edu.au/VenueServer.
>>>>>>>>> The VenueServer.log doesn't mention anything about a  
>>>>>>>>> connection   attempt in such cases.
>>>>>>>>> If I then add a :8000 to the url, the following error is  added 
>>>>>>>>> to   VenueServer.log:
>>>>>>>>> 01/20/06 11:27:29 -1273504848 Hosting     ServiceContainer.py: 
>>>>>>>>> 146   ERROR None
>>>>>>>>> Traceback (most recent call last):
>>>>>>>>>   File "/usr/lib/python2.4/site-packages/M2Crypto/SSL/SSLServer.py", line 29, in handle_request
>>>>>>>>>     request, client_address = self.get_request()
>>>>>>>>>   File "/usr/lib/python2.4/SocketServer.py", line 373, in get_request
>>>>>>>>>     return self.socket.accept()
>>>>>>>>>   File "/usr/lib/python2.4/site-packages/M2Crypto/SSL/Connection.py", line 114, in accept
>>>>>>>>>     ssl.accept_ssl()
>>>>>>>>>   File "/usr/lib/python2.4/site-packages/M2Crypto/SSL/Connection.py", line 103, in accept_ssl
>>>>>>>>>     return m2.ssl_accept(self.ssl)
>>>>>>>>> SSLError: no certificate returned
>>>
>>>
>>>
>>> Christoph Willing                           +61 7 3365 8350
>>> QPSF Access Grid Manager
>>> University of Queensland
>>>
>>>
>>>
>>>
> 
> 
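
Added example, not part of the original thread or of the Access Grid code: decoding the packed OpenSSL error code from the log line quoted above shows whether a certificate rejection was decided locally or arrived as a TLS alert from the peer. It assumes the OpenSSL 1.x code layout (library, function, reason); the function name `decode` and the second sample line are constructed for illustration.

```python
import re

# OpenSSL 1.x packs an error code as:
#   library (8 bits) | function (12 bits) | reason (12 bits)
ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):([^'\n]*)")
ERR_LIB_SSL = 20             # 0x14, "SSL routines"
SSL_AD_REASON_OFFSET = 1000  # SSL reasons >= 1000 are alerts received from the peer

# Certificate-related TLS alert descriptions (numbering from the TLS spec).
ALERTS = {
    42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired",
    46: "certificate_unknown", 48: "unknown_ca",
}

def decode(line):
    """Split an 'error:XXXXXXXX:...' log entry into its packed fields.

    Returns None when the line carries no OpenSSL error code.
    """
    m = ERR_RE.search(line)
    if m is None:
        return None
    code = int(m.group(1), 16)
    info = {
        "lib": code >> 24,
        "func": (code >> 12) & 0xFFF,
        "reason": code & 0xFFF,
        "text": m.group(4).strip(),
    }
    if info["lib"] == ERR_LIB_SSL and info["reason"] >= SSL_AD_REASON_OFFSET:
        # The remote end sent an alert: it refused what this side presented.
        alert = info["reason"] - SSL_AD_REASON_OFFSET
        info["decided_by"] = "peer"
        info["alert"] = ALERTS.get(alert, "alert %d" % alert)
    else:
        # The failure was detected by the local OpenSSL instance.
        info["decided_by"] = "local"
        info["alert"] = None
    return info

# Log line as quoted in the thread.
THREAD_LINE = "sslerror: (1, 'error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca')"
# Constructed sample for contrast: a locally detected verification failure.
LOCAL_LINE = "sslerror: (1, 'error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed')"

if __name__ == "__main__":
    for sample in (THREAD_LINE, LOCAL_LINE):
        print(decode(sample))
```

For the line from the thread the reason field is 1048, that is alert 48 (unknown_ca) received from the other end of the connection, so the CA store to inspect is the one used by the peer of the process that logged the error.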



