[AG-DEV] Cert issues on Fedora 12

Christoph Willing c.willing at uq.edu.au
Thu Feb 25 07:19:24 CST 2010


On 25/02/2010, at 9:49 PM, Jason Bell wrote:

> G'day Chris and Tom
>
> Thanks for the quick feedback...
>
> Okay, I am not sure what I have done, but nothing seems to be  
> working...
>
> So, not knowing how to "add the new CA certs" as provided in https://lists.mcs.anl.gov/mailman/htdig/ag-tech/2010-January/021336.html 
> ,

If you click on each of the links to .obj files there, you'll see that  
one is mainly gibberish and the other has a bit of readable text. Save  
the gibberish one locally as 45cc9e80.Jan2010.0 and save the other as  
45cc9e80.Jan2010.0.signing_policy. Copy these into the /etc/ 
AccessGrid3/Config/CAcertificates/ directory. Now if you run  
certmgr3.py (plain certmgr on Fedora) with the -C option, it will  
start up in CA mode (there'll be a "CA>" prompt). If you enter the  
command "list" at the prompt, you should see 3 CA's listed there i.e.  
the AG Developers CA will be missing. Now enter "import  
45cc9e80.Jan2010.0" (presuming you're in the right directory to do  
that). You should now see 4 CA's listed after running the list command  
again. If so, all is OK - type "quit" to exit.

There may be a few wrinkles in those instructions - taken from  
memory ...


chris


> I thought I would try using the CertificateManager or  
> CertificateRequestTool programs, but I get the following error  
> messages when executing these programs from a Terminal:
>
> [ace at linux Desktop]$ CertificateManager
> /usr/lib/python2.6/site-packages/AccessGrid3/AccessGrid/ 
> ClientProfile.py:22: DeprecationWarning: the md5 module is  
> deprecated; use hashlib instead
>  import md5
> /usr/lib/python2.6/site-packages/AccessGrid3/AccessGrid/Security/ 
> ProxyGen.py:19: DeprecationWarning: The popen2 module is  
> deprecated.  Use the subprocess module.
>  import popen2
> Traceback (most recent call last):
>  File "/usr/bin/CertificateManager", line 64, in <module>
>    main()
>  File "/usr/bin/CertificateManager", line 52, in main
>    certMgr = app.GetCertificateManager()
>
>
> <SNIP>
>
>
>  File "/usr/lib/python2.6/site-packages/AccessGrid3/AccessGrid/ 
> Security/CertificateRepository.py", line 1297, in GetMetadata
>    return self.cert.GetMetadata(k)
>  File "/usr/lib/python2.6/site-packages/AccessGrid3/AccessGrid/ 
> Security/CertificateRepository.py", line 1590, in GetMetadata
>    hashkey = self._GetMetadataKey(key)
>  File "/usr/lib/python2.6/site-packages/AccessGrid3/AccessGrid/ 
> Security/CertificateRepository.py", line 1579, in _GetMetadataKey
>    self.GetIssuerSerialHash(),
>  File "/usr/lib/python2.6/site-packages/AccessGrid3/AccessGrid/ 
> Security/CertificateRepository.py", line 1504, in GetIssuerSerialHash
>    serial = struct.pack("l", self.cert.get_serial_number())
> struct.error: long too large to convert to int
>
>
> So I thought I would copy the files to /etc/AccessGrid3/Config/ 
> CAcertificates, but neither the VenueClient nor the about cert  
> programs mentioned above works.
>
> I even tried doing a yum remove AccessGrid and then a yum install  
> AccessGrid.
>
> Maybe I am doing something wrong, any advice would be appreciated.
>
> Should I completely remove the /etc/AccessGrid3 directory and start  
> again?
>
> Thanks in advance,
> Jason.
>
>
> -----Original Message-----
> From: Christoph Willing [mailto:c.willing at uq.edu.au]
> Sent: Thursday, 25 February 2010 3:07 PM
> To: Jason Bell
> Cc: ag-dev
> Subject: Re: [AG-DEV] Cert issues on Fedora 12
>
> On 25/02/2010, at 2:48 PM, Jason Bell wrote:
>
>> G'day All
>>
>> Just wondering if any has installed Fedora 12 and the Access Grid
>> software recently.
>>
>> I have tried to install the AG software at home and got some error
>> messages which appears to relate to the certificate.
>>
>> Just wondering if anyone has seen this.
>>
>> Thanks,
>> Jason.
>>
>> PS, this is the error message I get:
>>
> [snip]
>> Traceback (most recent call last):
>>  File "/usr/lib/python2.6/site-packages/AccessGrid3/AccessGrid/
>> VenueClientUI.py", line 533, in __SetMenubar
>>    mgr = app.GetCertificateManager()
>>  File "/usr/lib/python2.6/site-packages/AccessGrid3/AccessGrid/
>> Toolkit.py", line 473, in GetCertificateManager
>>    self._certificateManager.InitEnvironment()
>>  File "/usr/lib/python2.6/site-packages/AccessGrid3/AccessGrid/
>> Security/CertificateManager.py", line 564, in InitEnvironment
>>    self._InitializeCADir()
>>  File "/usr/lib/python2.6/site-packages/AccessGrid3/AccessGrid/
>> Security/CertificateManager.py", line 645, in _InitializeCADir
>>    for c in self.GetCACerts():
>>  File "/usr/lib/python2.6/site-packages/AccessGrid3/AccessGrid/
>> Security/CertificateManager.py", line 768, in GetCACerts
>>    caCerts = self.certRepo.FindCertificatesWithMetadata(mdkey, mdval)
>>  File "/usr/lib/python2.6/site-packages/AccessGrid3/AccessGrid/
>> Security/CertificateRepository.py", line 1201, in
>> FindCertificatesWithMetadata
>>    return list(self.FindCertificates(lambda c: c.GetMetadata(mdkey)
>> == mdvalue))
>>  File "/usr/lib/python2.6/site-packages/AccessGrid3/AccessGrid/
>> Security/CertificateRepository.py", line 1191, in FindCertificates
>>    if pred(cert):
>>  File "/usr/lib/python2.6/site-packages/AccessGrid3/AccessGrid/
>> Security/CertificateRepository.py", line 1201, in <lambda>
>>    return list(self.FindCertificates(lambda c: c.GetMetadata(mdkey)
>> == mdvalue))
>>  File "/usr/lib/python2.6/site-packages/AccessGrid3/AccessGrid/
>> Security/CertificateRepository.py", line 1297, in GetMetadata
>>    return self.cert.GetMetadata(k)
>>  File "/usr/lib/python2.6/site-packages/AccessGrid3/AccessGrid/
>> Security/CertificateRepository.py", line 1590, in GetMetadata
>>    hashkey = self._GetMetadataKey(key)
>>  File "/usr/lib/python2.6/site-packages/AccessGrid3/AccessGrid/
>> Security/CertificateRepository.py", line 1579, in _GetMetadataKey
>>    self.GetIssuerSerialHash(),
>>  File "/usr/lib/python2.6/site-packages/AccessGrid3/AccessGrid/
>> Security/CertificateRepository.py", line 1504, in GetIssuerSerialHash
>>    serial = struct.pack("l", self.cert.get_serial_number())
>> error: long too large to convert to int
>
>
> Looks like a repeat of this one:
>      https://lists.mcs.anl.gov/mailman/htdig/ag-tech/2010-January/021336.html
>
> You need to add the new CA certs  attached there to /etc/AccessGrid3/
> Config/CAcertificates/
>
>
> chris
>
>
>
>> Traceback (most recent call last):
>>  File "/usr/bin/VenueClient", line 173, in <module>
>>    main()
>>  File "/usr/bin/VenueClient", line 150, in main
>>    vcui = VenueClientUI(vc, vcc, app)
>>  File "/usr/lib/python2.6/site-packages/AccessGrid3/AccessGrid/
>> VenueClientUI.py", line 237, in __init__
>>    self.__BuildUI(app)
>>  File "/usr/lib/python2.6/site-packages/AccessGrid3/AccessGrid/
>> VenueClientUI.py", line 980, in __BuildUI
>>    self.__SetMenubar(app)
>>  File "/usr/lib/python2.6/site-packages/AccessGrid3/AccessGrid/
>> VenueClientUI.py", line 538, in __SetMenubar
>>    self.cmui = CertificateManagerWXGUI.CertificateManagerWXGUI(mgr)
>> UnboundLocalError: local variable 'mgr' referenced before assignment
>>
>>
>> --------------------------------------------
>> Jason Bell, B.I.T. (Honours)
>>
>> Research Systems Support Officer
>> Information Technology Division
>> CQ University Australia
>>
>> Australian Research Collaboration Service
>> http://www.arcs.org.au/
>>
>> E-mail : j.bell at cqu.edu.au
>>         jason.bell at arcs.org.au
>> Work   : +61 7 4930 9229
>> Mobile : 0409 630897
>> Postal : Building 19
>>         Central Queensland University
>>         Bruce Highway
>>         Rockhampton, Queensland, Australia, 4702
>> --------------------------------------------
>> Patience is a virtue.
>>
>> But if I wanted Patience,
>> I would have become a Doctor.
>> --------------------------------------------
>>
>
> Christoph Willing                       +61 7 3365 8316
> QCIF Access Grid Manager
> University of Queensland
>

Christoph Willing                       +61 7 3365 8316
QCIF Access Grid Manager
University of Queensland



More information about the ag-dev mailing list