[AG-TECH] Trouble with service certs

Ivan R. Judson judson at mcs.anl.gov
Fri Jul 16 06:48:55 CDT 2004


The first and most important thing is that you can't telnet into the
services we've built. They are using the the certificates to negotiate
secure encrypted communication. As such, the first thing that needs to
happen is a protocol negotiation (that's binary I believe, or at least
opaque). 

--Ivan 

> -----Original Message-----
> From: owner-ag-tech at mcs.anl.gov 
> [mailto:owner-ag-tech at mcs.anl.gov] On Behalf Of John Hodrien
> Sent: Friday, July 16, 2004 6:00 AM
> To: Randy Groves
> Cc: ag-tech at mcs.anl.gov
> Subject: Re: [AG-TECH] Trouble with service certs
> 
> On Wed, 30 Jun 2004, Randy Groves wrote:
> 
> > In both cases, if I try and use a service cert, I cannot 
> get the Venue 
> > Management client to connect with the venue server so that I can 
> > configure it.
> 
> > Anybody else having problems with service certs?  BTW - I've been 
> > running my
> > 2.1.2 venue server with 'service' certs for months (created with 
> > grid-cert-request).
> 
> Certmgr only know about a service cert, and an identity cert 
> issues from agdev-ca.  Whichever is set as default 
> AGServiceManager starts up, but if I telnet in on 12000 
> immediately closes the connection.
> 
> If I use my own cert from my own CA using globus and do a 
> grid-proxy-init, the AGServiceManager starts up fine, says 
> that it's using the specified cert:
> 
> 07/16/04 11:58:25 -151030272 CertificateManager     
> __init__.py:988 DEBUG Configuring standard environment
> 07/16/04 11:58:26 -151030272 CertificateManager     
> __init__.py:988 DEBUG Using default identity /O=Access 
> Grid/OU=agdev-ca.mcs.anl.gov/OU=comp.leeds.ac.uk/CN=John Hodrien
> 07/16/04 11:58:26 -151030272 CertificateManager     
> __init__.py:988 DEBUG Initializing environment with 
> unencrypted cert /O=Access 
> Grid/OU=agdev-ca.mcs.anl.gov/OU=comp.leeds.ac.uk/CN=John Hodrien
> 
> But then it clearly doesn't, as whether or not I've performed 
> a grid-proxy-init defines whether or not it'll start up.
> 
> What am I doing wrong, I really don't entirely understand the 
> way certs are being used and managed in this system.
> 
> jh
> 
> -- 
> "Woman was God's second mistake."                    -- Nietzsche
> 
> 




More information about the ag-tech mailing list