[AG-DEV] AG3 VenueManagement can't connect

Todd Zimmerman toddz at sfu.ca
Wed Feb 22 12:07:03 CST 2006


I'm running the server from CVS installed yesterday and I tested connecting locally and remotely
from a FC4 box running the latest code from Doug's site (installed yesterday also).

I've attached the VenueManagement.log from both the server (local) and a client (remote).

I will nuke my cvs AccessGrid install and try it again to ensure that the server isn't in an odd
state... and like I mentioned, I had to make a couple of changes on the server to get it to run - so
a reinstall is probably worth it to ensure a clean installation.

Todd

Thomas D. Uram wrote:
> I believe it was resolved before beta1.  Which code are you running?
> Can you provide more of VenueManagement.log?
>
> On 2/22/06 1:31 AM, Todd Zimmerman wrote:
>> Was this problem ever resolved??
>>
>> I'm running into the same issue - trying to connect with a valid
>> service certificate from either the
>> local machine or a remote machine.
>>
>> VenueManagement.log reports:
>> sslerror: (1, 'error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert
>> unknown ca'
>>
>> The server is running on a RHEL4 box so there may be some oddities -
>> but the server seems to be
>> stable and will accept connections.
>>
>> Any info would help - thx!
>>
>> Todd
>>
>>
>> Thomas D. Uram wrote:
>>> Ok, I haven't been able to reproduce the problem, but Eric has seen this
>>> problem.
>>> We'll get back to you today with a fix.
>>>
>>> Tom
>>>
>>>
>>> On 1/21/06 3:07 AM, Christoph Willing wrote:
>>>> On 21/01/2006, at 6:53 AM, Thomas D. Uram wrote:
>>>>
>>>>> Chris:
>>>>>
>>>>> This line occurs repeatedly:
>>>>>
>>>>> sslerror: (1, 'error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
>>>>> alert unknown ca')
>>>>>
>>>>> Do you have the appropriate CA certs in the cert repository?
>>>>
>>>> Tom,
>>>>
>>>> I have:
>>>> ag at v2:~$ ls -l /etc/AccessGrid3/Config/CAcertificates/
>>>> total 32
>>>> -rw-r--r--  1 ag ag 1436 2004-04-20 08:00 1c3f2ca8.0
>>>> -rw-r--r--  1 ag ag 2276 2004-05-07 04:51 1c3f2ca8.signing_policy
>>>> -rw-r--r--  1 ag ag  904 2004-03-26 00:25 45cc9e80.0
>>>> -rw-r--r--  1 ag ag 1334 2004-03-26 00:25 45cc9e80.signing_policy
>>>> -rw-r--r--  1 ag ag 1448 2004-04-20 08:00 d1b603c3.0
>>>> -rw-r--r--  1 ag ag 2263 2004-03-26 00:25 d1b603c3.signing_policy
>>>> -rw-r--r--  1 ag ag 1334 2004-09-06 15:26 f18fa857.0
>>>> -rw-r--r--  1 ag ag  571 2004-09-06 15:26 f18fa857.signing_policy
>>>>
>>>>
>>>>> I'm ignoring the 'connection refused' errors, because I expect
>>>>> either the server wasn't
>>>>> running, or was running on a different network interface.
>>>>
>>>> The venue server was running; there's only one network interface on
>>>> the machine.
>>>>
>>>>
>>>> chris
>>>>
>>>>
>>>>
>>>>> On 1/20/06 2:37 PM, Christoph Willing wrote:
>>>>>
>>>>>> On 21/01/2006, at 3:03 AM, Thomas D. Uram wrote:
>>>>>>
>>>>>>> Is there mention of the default certificate in VenueManagement.log?
>>>>>>> If details there aren't clear, I'd sure be interested to see the 
>>>>>>> log.
>>>>>> Tom,
>>>>>> A log of yesterday's attempts is attached. It includes attempts
>>>>>> with server running secure mode then insecure mode, although I
>>>>>> don't know if that's evident from the log. It also shows the
>>>>>> different server names used (localhost & fqdn).
>>>>>> The default certificate is mentioned a few times (at each start up
>>>>>> I guess). Since VenueServer and VenueManagement are running on the
>>>>>> same machine, each is using the same default cert, which mostly
>>>>>> happens to be a server certificate, although you'll see near the
>>>>>> end that I also tried using an Anonymous User cert too.
>>>>>> chris
>>>>>>
>>>>>>> On 1/19/06 10:25 PM, Christoph Willing wrote:
>>>>>>>
>>>>>>>> On 20/01/2006, at 2:01 PM, Thomas D. Uram wrote:
>>>>>>>>
>>>>>>>>> Is your default certificate an identity certificate (i.e.,
>>>>>>>>> does it require a passphrase?).
>>>>>>>>> That's not being handled currently.  If so, try using a
>>>>>>>>> service certificate instead.
>>>>>>>>> If not, something's wrong.
>>>>>>>>
>>>>>>>> Tom,
>>>>>>>> It's a VenueServer certificate, borrowed from another machine,
>>>>>>>> and same result using an anonymous certificate.
>>>>>>>> ag at v2:~$ certmgr.py
>>>>>>>> (ID mode) > list
>>>>>>>> 1. (Default) /O=Access Grid/OU=agdev-ca.mcs.anl.gov/
>>>>>>>> CN=VenueServer/ seivers.vislab.uq.edu.au
>>>>>>>> 2. /O=Access Grid/O=Argonne National Laboratory/OU=Futures Lab  
>>>>>>>> Anonymous Authority/CN=Anonymous User 
>>>>>>>> 486c88f05354caa6e542b09b19cdee01
>>>>>>>> (ID mode) > show 1
>>>>>>>> Subject:  /O=Access Grid/OU=agdev-ca.mcs.anl.gov/
>>>>>>>> CN=VenueServer/ seivers.vislab.uq.edu.au
>>>>>>>> Issuer:  /O=Access Grid/OU=agdev-ca.mcs.anl.gov/CN=Access Grid  
>>>>>>>> Developers CA
>>>>>>>> Certificate version: 2
>>>>>>>> Serial number: 5778
>>>>>>>> Not valid before: 03/18/05 01:41:35
>>>>>>>> Not valid after: 03/18/06 01:41:35
>>>>>>>> MD5 Fingerprint: 2A:81:9C:98:C2:76:09:1F:6C:E9:3E:47:B7:99:65:65
>>>>>>>> Certificate location: /home/ag/.AccessGrid3/Config/certRepo/ 
>>>>>>>> certificates/9c833de531fe7da7cff5bbfeaaf770fc/ 
>>>>>>>> 1c291311d25c9e1f2a79b98047ad6fec/cert.pem
>>>>>>>> Private key location: /home/ag/.AccessGrid3/Config/certRepo/ 
>>>>>>>> privatekeys/2f30fa4ccf0c09b08e4b9050829bc33b.pem
>>>>>>>>
>>>>>>>>> On 1/19/06 7:30 PM, Christoph Willing wrote:
>>>>>>>>>
>>>>>>>>>> Working with a packaged AG3, I can run the VenueServer and
>>>>>>>>>> connect to it with a VenueClient. However I can't connect
>>>>>>>>>> to it with the VenueManagement tool. Trying to connect (from
>>>>>>>>>> same machine) with:
>>>>>>>>>>     https://localhost/VenueServer
>>>>>>>>>> or    https://v2.vislab.uq.edu.au/VenueServer
>>>>>>>>>> both immediately result in a "Unable To Connect" popup msg
>>>>>>>>>> box   saying:
>>>>>>>>>>     You were unable to connect to the venue server at:
>>>>>>>>>>     https://v2.vislab.uq.edu.au/VenueServer.
>>>>>>>>>> The VenueServer.log doesn't mention anything about a
>>>>>>>>>> connection attempt in such cases.
>>>>>>>>>> If I then add a :8000 to the url, the following error is
>>>>>>>>>> added to VenueServer.log:
>>>>>>>>>> 01/20/06 11:27:29 -1273504848 Hosting     ServiceContainer.py:
>>>>>>>>>> 146   ERROR None
>>>>>>>>>> Traceback (most recent call last):
>>>>>>>>>>   File "/usr/lib/python2.4/site-packages/M2Crypto/SSL/ 
>>>>>>>>>> SSLServer.py",  line 29, in handle_request
>>>>>>>>>>     request, client_address = self.get_request()
>>>>>>>>>>   File "/usr/lib/python2.4/SocketServer.py", line 373, in 
>>>>>>>>>> get_request
>>>>>>>>>>     return self.socket.accept()
>>>>>>>>>>   File "/usr/lib/python2.4/site-packages/M2Crypto/SSL/  
>>>>>>>>>> Connection.py", line 114, in accept
>>>>>>>>>>     ssl.accept_ssl()
>>>>>>>>>>   File "/usr/lib/python2.4/site-packages/M2Crypto/SSL/  
>>>>>>>>>> Connection.py", line 103, in accept_ssl
>>>>>>>>>>     return m2.ssl_accept(self.ssl)
>>>>>>>>>> SSLError: no certificate returned
>>>>
>>>>
>>>>
>>>> Christoph Willing                           +61 7 3365 8350
>>>> QPSF Access Grid Manager
>>>> University of Queensland
>>>>
>>>>
>>>>
>>>>
>>
>>
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: VenueManagement-local.log
Type: text/x-log
Size: 15580 bytes
Desc: not available
URL: <http://lists.mcs.anl.gov/pipermail/ag-dev/attachments/20060222/a2655b90/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: VenueManagement-remote.log
Type: text/x-log
Size: 6829 bytes
Desc: not available
URL: <http://lists.mcs.anl.gov/pipermail/ag-dev/attachments/20060222/a2655b90/attachment-0001.bin>
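
Added example (not part of the thread or of the AccessGrid code): a decoder for the packed OpenSSL error code in the "tlsv1 alert unknown ca" log line quoted above. It assumes the pre-3.0 OpenSSL packing (8-bit library, 12-bit function, 12-bit reason) and OpenSSL's offset of 1000 for alerts received from the peer; the function names and the alert table are this example's own. A reason above that offset means the alert was sent by the remote end, so the trust store to inspect is the one on the other side of the connection.

```python
import re

# OpenSSL (pre-3.0) packs an error as: 8-bit library | 12-bit function | 12-bit reason.
ERR_LIB_SSL = 20
# In the SSL library, reasons above this offset mean "alert received from peer";
# the remainder is the TLS AlertDescription number.
SSL_AD_REASON_OFFSET = 1000

# Certificate-related TLS alert descriptions (RFC 5246, section 7.2).
CERT_ALERTS = {
    42: "bad_certificate",
    43: "unsupported_certificate",
    44: "certificate_revoked",
    45: "certificate_expired",
    46: "certificate_unknown",
    48: "unknown_ca",
}

ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):([^')]*)")

def decode_openssl_error(line):
    """Split a logged OpenSSL error string into its packed fields."""
    m = ERR_RE.search(line)
    if m is None:
        return None
    code = int(m.group(1), 16)
    lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
    info = {"lib": lib, "func": func, "reason": reason,
            "text": m.group(4).strip(), "peer_alert": None}
    if lib == ERR_LIB_SSL and reason > SSL_AD_REASON_OFFSET:
        alert = reason - SSL_AD_REASON_OFFSET
        info["peer_alert"] = (alert, CERT_ALERTS.get(alert, "other"))
    return info

def explain(line):
    """One-line triage hint: which side raised the failure, and why."""
    info = decode_openssl_error(line)
    if info is None:
        return "no OpenSSL error code found"
    if info["peer_alert"] is None:
        return "local OpenSSL error, reason %d: %s" % (info["reason"], info["text"])
    num, name = info["peer_alert"]
    if num in CERT_ALERTS:
        return "peer sent alert %d (%s): it rejected the certificate we presented" % (num, name)
    return "peer sent alert %d: failure raised by the remote side" % num

# The line quoted in the thread, rejoined from the wrapped e-mail text.
SAMPLE = "sslerror: (1, 'error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca')"

if __name__ == "__main__":
    print(decode_openssl_error(SAMPLE))
    print(explain(SAMPLE))
```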

