[AG-DEV] AG3 VenueManagement can't connect

Christoph Willing willing at itee.uq.edu.au
Sat Jan 21 03:07:02 CST 2006


On 21/01/2006, at 6:53 AM, Thomas D. Uram wrote:

> Chris:
>
> This line occurs repeatedly:
>
> sslerror: (1, 'error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1  
> alert unknown ca')
>
> Do you have the appropriate CA certs in the cert repository?

Tom,

I have:
ag at v2:~$ ls -l /etc/AccessGrid3/Config/CAcertificates/
total 32
-rw-r--r--  1 ag ag 1436 2004-04-20 08:00 1c3f2ca8.0
-rw-r--r--  1 ag ag 2276 2004-05-07 04:51 1c3f2ca8.signing_policy
-rw-r--r--  1 ag ag  904 2004-03-26 00:25 45cc9e80.0
-rw-r--r--  1 ag ag 1334 2004-03-26 00:25 45cc9e80.signing_policy
-rw-r--r--  1 ag ag 1448 2004-04-20 08:00 d1b603c3.0
-rw-r--r--  1 ag ag 2263 2004-03-26 00:25 d1b603c3.signing_policy
-rw-r--r--  1 ag ag 1334 2004-09-06 15:26 f18fa857.0
-rw-r--r--  1 ag ag  571 2004-09-06 15:26 f18fa857.signing_policy


> I'm ignoring the 'connection refused' errors, because I expect  
> either the server wasn't
> running, or was running on a different network interface.

The venue server was running; there's only one network interface on  
the machine.


chris



>
> On 1/20/06 2:37 PM, Christoph Willing wrote:
>> On 21/01/2006, at 3:03 AM, Thomas D. Uram wrote:
>>> Is there mention of the default certificate in VenueManagement.log?
>>> If details there aren't clear, I'd sure be interested to see the  
>>> log.
>> Tom,
>> A log of yesterday's attempts is attached. It includes attempts
>> with server running secure mode then insecure mode, although I
>> don't know if that's evident from the log. It also shows the
>> different server names used (localhost & fqdn).
>> The default certificate is mentioned a few times (at each start up
>> I guess). Since VenueServer and VenueManagement are running on
>> the same machine, each is using the same default cert, which
>> mostly happens to be a server certificate, although you'll see
>> near the end that I also tried using an Anonymous User cert too.
>> chris
>>> On 1/19/06 10:25 PM, Christoph Willing wrote:
>>>
>>>> On 20/01/2006, at 2:01 PM, Thomas D. Uram wrote:
>>>>
>>>>> Is your default certificate an identity certificate (i.e.,
>>>>> does it require a passphrase?).
>>>>> That's not being handled currently. If so, try using a
>>>>> service certificate instead.
>>>>> If not, something's wrong.
>>>>
>>>> Tom,
>>>> It's a VenueServer certificate, borrowed from another machine,
>>>> and same result using an anonymous certificate.
>>>> ag at v2:~$ certmgr.py
>>>> (ID mode) > list
>>>> 1. (Default) /O=Access Grid/OU=agdev-ca.mcs.anl.gov/  
>>>> CN=VenueServer/ seivers.vislab.uq.edu.au
>>>> 2. /O=Access Grid/O=Argonne National Laboratory/OU=Futures Lab    
>>>> Anonymous Authority/CN=Anonymous User   
>>>> 486c88f05354caa6e542b09b19cdee01
>>>> (ID mode) > show 1
>>>> Subject:  /O=Access Grid/OU=agdev-ca.mcs.anl.gov/ 
>>>> CN=VenueServer/  seivers.vislab.uq.edu.au
>>>> Issuer:  /O=Access Grid/OU=agdev-ca.mcs.anl.gov/CN=Access Grid    
>>>> Developers CA
>>>> Certificate version: 2
>>>> Serial number: 5778
>>>> Not valid before: 03/18/05 01:41:35
>>>> Not valid after: 03/18/06 01:41:35
>>>> MD5 Fingerprint: 2A:81:9C:98:C2:76:09:1F:6C:E9:3E:47:B7:99:65:65
>>>> Certificate location: /home/ag/.AccessGrid3/Config/certRepo/   
>>>> certificates/9c833de531fe7da7cff5bbfeaaf770fc/   
>>>> 1c291311d25c9e1f2a79b98047ad6fec/cert.pem
>>>> Private key location: /home/ag/.AccessGrid3/Config/certRepo/   
>>>> privatekeys/2f30fa4ccf0c09b08e4b9050829bc33b.pem
>>>>
>>>>> On 1/19/06 7:30 PM, Christoph Willing wrote:
>>>>>
>>>>>> Working with a packaged AG3, I can run the VenueServer and
>>>>>> connect to it with a VenueClient. However I can't connect
>>>>>> to it with the VenueManagement tool. Trying to connect
>>>>>> (from same machine) with:
>>>>>>     https://localhost/VenueServer
>>>>>> or    https://v2.vislab.uq.edu.au/VenueServer
>>>>>> both immediately result in a "Unable To Connect" popup msg
>>>>>> box saying:
>>>>>>     You were unable to connect to the venue server at:
>>>>>>     https://v2.vislab.uq.edu.au/VenueServer.
>>>>>> The VenueServer.log doesn't mention anything about a
>>>>>> connection attempt in such cases.
>>>>>> If I then add a :8000 to the url, the following error is
>>>>>> added to VenueServer.log:
>>>>>> 01/20/06 11:27:29 -1273504848 Hosting     ServiceContainer.py:  
>>>>>> 146   ERROR None
>>>>>> Traceback (most recent call last):
>>>>>>   File "/usr/lib/python2.4/site-packages/M2Crypto/SSL/   
>>>>>> SSLServer.py",  line 29, in handle_request
>>>>>>     request, client_address = self.get_request()
>>>>>>   File "/usr/lib/python2.4/SocketServer.py", line 373, in   
>>>>>> get_request
>>>>>>     return self.socket.accept()
>>>>>>   File "/usr/lib/python2.4/site-packages/M2Crypto/SSL/    
>>>>>> Connection.py", line 114, in accept
>>>>>>     ssl.accept_ssl()
>>>>>>   File "/usr/lib/python2.4/site-packages/M2Crypto/SSL/    
>>>>>> Connection.py", line 103, in accept_ssl
>>>>>>     return m2.ssl_accept(self.ssl)
>>>>>> SSLError: no certificate returned



Christoph Willing                           +61 7 3365 8350
QPSF Access Grid Manager
University of Queensland
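
One way to answer the question "Do you have the appropriate CA certs in the cert repository?" is to compute the hashed file name of the certificate's issuer and look for it in the CA directory. This is an added example, not code from the thread or from AccessGrid. It assumes the `<8 hex>.0` names in the listing follow OpenSSL's hashed-directory layout with the pre-1.0 MD5 name hash; the function names and the skeleton certificate (with its CN values) are constructed for illustration.

```python
import base64, hashlib, re

def tlv(buf, pos):
    """Parse the DER header at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_der(cert):
    """Return the complete DER encoding of the certificate's issuer Name."""
    _, pos, _ = tlv(cert, 0)            # enter Certificate
    _, pos, _ = tlv(cert, pos)          # enter TBSCertificate
    tag, _, end = tlv(cert, pos)
    if tag == 0xA0:                     # explicit [0] version, absent in v1
        pos = end
    for _ in range(2):                  # skip serialNumber and signature
        pos = tlv(cert, pos)[2]
    return cert[pos:tlv(cert, pos)[2]]  # issuer is the next element

def hash_old(name_der):
    """Pre-1.0 OpenSSL name hash: first four MD5 bytes read little-endian."""
    return "%08x" % int.from_bytes(hashlib.md5(name_der).digest()[:4], "little")

def pem_to_der(pem):
    """Decode the first PEM certificate in a string to DER bytes."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem, re.S)
    return base64.b64decode(m.group(1))

def find_ca_file(cert, listing):
    """Return the '<hash>.N' name in listing matching cert's issuer, else None."""
    wanted = hash_old(issuer_der(cert))
    return next((f for f in listing if re.fullmatch(wanted + r"\.\d+", f)), None)

# --- constructed sample: a skeleton certificate, not a real one ---
def der(tag, *parts):
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body   # short-form lengths only (< 128)

def name(cn):
    cn_oid = der(0x06, b"\x55\x04\x03")     # 2.5.4.3 commonName
    return der(0x30, der(0x31, der(0x30, cn_oid, der(0x13, cn.encode()))))

ISSUER, SUBJECT = name("Example Developers CA"), name("VenueServer/host.example")
TBS = der(0x30, der(0xA0, der(0x02, b"\x02")), der(0x02, b"\x16\x92"),
          der(0x30), ISSUER, der(0x30), SUBJECT)
CERT = der(0x30, TBS)
LISTING = ["1c3f2ca8.0", "45cc9e80.0", "d1b603c3.0", "f18fa857.0"]  # names from the ls output
print(hash_old(issuer_der(CERT)), find_ca_file(CERT, LISTING))
```

For a real check, pass `pem_to_der(open(path).read())` for the cert.pem in question and `os.listdir()` of the CA directory; a `None` result means no file in that directory is named for the certificate's issuer.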





