[AG-TECH] Venue Server question

Mike Weaver weaver at ascr.doe.gov
Wed Jan 27 09:05:31 CST 2010 

total 32
-rw-r--r--. 1 root root 1436 2007-12-18 02:09 1c3f2ca8.0
-rw-r--r--. 1 root root 2276 2004-05-06 14:51 1c3f2ca8.signing_policy
-rw-r--r--. 1 root root  912 2007-05-02 18:03 45cc9e80.0
-rw-r--r--. 1 root root 1334 2004-03-25 09:25 45cc9e80.signing_policy
-rw-r--r--. 1 root root 1448 2004-04-19 18:00 d1b603c3.0
-rw-r--r--. 1 root root 2263 2004-03-25 09:25 d1b603c3.signing_policy
-rw-r--r--. 1 root root 1334 2004-09-06 01:26 f18fa857.0
-rw-r--r--. 1 root root  571 2004-09-06 01:26 f18fa857.signing_policy

Interesting, Certificate Managers not seeing one?  This was from a fresh
installation on Fedora 12 using Jason's Install Guide and your packages.
I've exported my certificates.  I'm going to try rebuilding.

Mike

-----Original Message-----
From: Christoph Willing [mailto:c.willing at uq.edu.au] 
Sent: Tuesday, January 26, 2010 3:17 PM
To: weaver at ascr.doe.gov
Cc: AG-Tech at mcs.anl.gov
Subject: Re: [AG-TECH] Venue Server question


On 27/01/2010, at 5:40 AM, Mike Weaver wrote:

> I'm trying to set up & experiment with the AG 3 Venue Server.  Got my
> service certificate approved & installed and the Venue Server started
> successfully, but can't connect with the Venue Manager.  The  
> relevant part
> of the VenueServer.log file looks like this:
>
> 01/26/10 14:26:52 -1260389520 Hosting     ServiceContainer.py:187  
> ERROR None
> Traceback (most recent call last):
>  File "/usr/lib/python2.6/site-packages/M2Crypto/SSL/SSLServer.py",  
> line
> 33, in handle_request
>    request, client_address = self.get_request()
>  File "/usr/lib/python2.6/SocketServer.py", line 444, in get_request
>    return self.socket.accept()
>  File
> "/usr/lib/python2.6/site-packages/AccessGrid3/AccessGrid/hosting/ZSI/ 
> Service
> Container.py", line 156, in M2CryptoConnectionAccept
>    ret = ssl.accept_ssl()
>  File "/usr/lib/python2.6/site-packages/M2Crypto/SSL/Connection.py",  
> line
> 152, in accept_ssl
>    return m2.ssl_accept(self.ssl, self._timeout)
> SSLError: tlsv1 alert unknown ca
>
> Seems to say that the CA for my certificate is unknown.  Running the
> Certificate Manager shows 3 trusted CAs - "DOEGrids CA 1", "ESnet  
> Root CA 1"
> & "Anonymous Certificate Authority" (issued by ANL Futures lab).  The
> service certificate was issued by the "Access Grid Developers CA".   
> Did I
> miss a step or do something wrong?


Mike,

There should be four CA's so one of them is either missing or expired.  
Could you send a long listing (ls -l) of /etc/AccessGrid3/Config/ 
CAcertificates please?


chris


Christoph Willing                       +61 7 3365 8316
QCIF Access Grid Manager
University of Queensland

More information about the ag-tech mailing list