[AG-TECH] Venue Server question
Mike Weaver
weaver at ascr.doe.gov
Wed Jan 27 09:05:31 CST 2010
total 32
-rw-r--r--. 1 root root 1436 2007-12-18 02:09 1c3f2ca8.0
-rw-r--r--. 1 root root 2276 2004-05-06 14:51 1c3f2ca8.signing_policy
-rw-r--r--. 1 root root 912 2007-05-02 18:03 45cc9e80.0
-rw-r--r--. 1 root root 1334 2004-03-25 09:25 45cc9e80.signing_policy
-rw-r--r--. 1 root root 1448 2004-04-19 18:00 d1b603c3.0
-rw-r--r--. 1 root root 2263 2004-03-25 09:25 d1b603c3.signing_policy
-rw-r--r--. 1 root root 1334 2004-09-06 01:26 f18fa857.0
-rw-r--r--. 1 root root 571 2004-09-06 01:26 f18fa857.signing_policy
Interesting, Certificate Managers not seeing one? This was from a fresh
installation on Fedora 12 using Jason's Install Guide and your packages.
I've exported my certificates. I'm going to try rebuilding.
Mike
-----Original Message-----
From: Christoph Willing [mailto:c.willing at uq.edu.au]
Sent: Tuesday, January 26, 2010 3:17 PM
To: weaver at ascr.doe.gov
Cc: AG-Tech at mcs.anl.gov
Subject: Re: [AG-TECH] Venue Server question
On 27/01/2010, at 5:40 AM, Mike Weaver wrote:
> I'm trying to set up & experiment with the AG 3 Venue Server. Got my
> service certificate approved & installed and the Venue Server started
> successfully, but can't connect with the Venue Manager. The
> relevant part
> of the VenueServer.log file looks like this:
>
> 01/26/10 14:26:52 -1260389520 Hosting ServiceContainer.py:187
> ERROR None
> Traceback (most recent call last):
> File "/usr/lib/python2.6/site-packages/M2Crypto/SSL/SSLServer.py",
> line
> 33, in handle_request
> request, client_address = self.get_request()
> File "/usr/lib/python2.6/SocketServer.py", line 444, in get_request
> return self.socket.accept()
> File
> "/usr/lib/python2.6/site-packages/AccessGrid3/AccessGrid/hosting/ZSI/
> Service
> Container.py", line 156, in M2CryptoConnectionAccept
> ret = ssl.accept_ssl()
> File "/usr/lib/python2.6/site-packages/M2Crypto/SSL/Connection.py",
> line
> 152, in accept_ssl
> return m2.ssl_accept(self.ssl, self._timeout)
> SSLError: tlsv1 alert unknown ca
>
> Seems to say that the CA for my certificate is unknown. Running the
> Certificate Manager shows 3 trusted CAs - "DOEGrids CA 1", "ESnet
> Root CA 1"
> & "Anonymous Certificate Authority" (issued by ANL Futures lab). The
> service certificate was issued by the "Access Grid Developers CA".
> Did I
> miss a step or do something wrong?
Mike,
There should be four CA's so one of them is either missing or expired.
Could you send a long listing (ls -l) of /etc/AccessGrid3/Config/
CAcertificates please?
chris
Christoph Willing +61 7 3365 8316
QCIF Access Grid Manager
University of Queensland
More information about the ag-tech
mailing list