[AG-TECH] Venue Server question
c.willing at uq.edu.au
Thu Jan 28 18:36:59 CST 2010
We've been able to replicate the problem here. Its due to the
inability to load the AG Dev CA. You can confirm it by running a
certmgr session as below. In particular, notice the error when trying
to import 45cc9e80.0 (the AG Dev CA).
[ag at agn-display ~]$ cd /etc/AccessGrid3/Config/CAcertificates/
[ag at agn-display CAcertificates]$ certmgr_agtk
ClientProfile.py:22: DeprecationWarning: the md5 module is deprecated;
use hashlib instead
ProxyGen.py:19: DeprecationWarning: The popen2 module is deprecated.
Use the subprocess module.
(ID mode) > ca
(CA mode) > import 45cc9e80.0
Error importing certificate from 45cc9e80.0: long too large to convert
(CA mode) > quit
We believe the error is due to the newer m2crypto version being used
in Fedora 12 (both 32 and 64 bit).
For now, I think your only Fedora based option is to use an earlier
release (F11 looks OK).
On 28/01/2010, at 1:05 AM, Mike Weaver wrote:
> total 32
> -rw-r--r--. 1 root root 1436 2007-12-18 02:09 1c3f2ca8.0
> -rw-r--r--. 1 root root 2276 2004-05-06 14:51 1c3f2ca8.signing_policy
> -rw-r--r--. 1 root root 912 2007-05-02 18:03 45cc9e80.0
> -rw-r--r--. 1 root root 1334 2004-03-25 09:25 45cc9e80.signing_policy
> -rw-r--r--. 1 root root 1448 2004-04-19 18:00 d1b603c3.0
> -rw-r--r--. 1 root root 2263 2004-03-25 09:25 d1b603c3.signing_policy
> -rw-r--r--. 1 root root 1334 2004-09-06 01:26 f18fa857.0
> -rw-r--r--. 1 root root 571 2004-09-06 01:26 f18fa857.signing_policy
> Interesting, Certificate Managers not seeing one? This was from a
> installation on Fedora 12 using Jason's Install Guide and your
> I've exported my certificates. I'm going to try rebuilding.
> -----Original Message-----
> From: Christoph Willing [mailto:c.willing at uq.edu.au]
> Sent: Tuesday, January 26, 2010 3:17 PM
> To: weaver at ascr.doe.gov
> Cc: AG-Tech at mcs.anl.gov
> Subject: Re: [AG-TECH] Venue Server question
> On 27/01/2010, at 5:40 AM, Mike Weaver wrote:
>> I'm trying to set up & experiment with the AG 3 Venue Server. Got my
>> service certificate approved & installed and the Venue Server started
>> successfully, but can't connect with the Venue Manager. The
>> relevant part
>> of the VenueServer.log file looks like this:
>> 01/26/10 14:26:52 -1260389520 Hosting ServiceContainer.py:187
>> ERROR None
>> Traceback (most recent call last):
>> File "/usr/lib/python2.6/site-packages/M2Crypto/SSL/SSLServer.py",
>> 33, in handle_request
>> request, client_address = self.get_request()
>> File "/usr/lib/python2.6/SocketServer.py", line 444, in get_request
>> return self.socket.accept()
>> Container.py", line 156, in M2CryptoConnectionAccept
>> ret = ssl.accept_ssl()
>> File "/usr/lib/python2.6/site-packages/M2Crypto/SSL/Connection.py",
>> 152, in accept_ssl
>> return m2.ssl_accept(self.ssl, self._timeout)
>> SSLError: tlsv1 alert unknown ca
>> Seems to say that the CA for my certificate is unknown. Running the
>> Certificate Manager shows 3 trusted CAs - "DOEGrids CA 1", "ESnet
>> Root CA 1"
>> & "Anonymous Certificate Authority" (issued by ANL Futures lab). The
>> service certificate was issued by the "Access Grid Developers CA".
>> Did I
>> miss a step or do something wrong?
> There should be four CA's so one of them is either missing or expired.
> Could you send a long listing (ls -l) of /etc/AccessGrid3/Config/
> CAcertificates please?
> Christoph Willing +61 7 3365 8316
> QCIF Access Grid Manager
> University of Queensland
Christoph Willing +61 7 3365 8316
QCIF Access Grid Manager
University of Queensland
More information about the ag-tech