Hi,
> In our CE...
> [root@mallarme]# openssl s_client -ssl3 -connect
> mallarme.cnb.uam.es:2119 | openssl x509 -noout -dates
> depth=1 /C=ES/O=DATAGRID-ES/CN=DATAGRID-ES CA
> verify error:num=19:self signed certificate in certificate chain verify
> return:0 notBefore=Mar 17 12:02:17 2005 GMT notAfter=Mar 17 12:02:17
> 2006 GMT
You will need to provide a "-CApath /etc/grid-security/certificates"
option to openssl s_client as well, and make sure that the
DataGrid-ES CA file (13eabb55e.0) is present in that directory.
What error do you get in that case?
I got:
tbn12:davidg:1002$ openssl s_client -ssl3 -connect mallarme.cnb.uam.es:2119
-CApath /etc/grid-security/certificates | openssl x509 -noout -dates
depth=1 /C=ES/O=DATAGRID-ES/CN=DATAGRID-ES CA
verify return:1
depth=0 /C=ES/O=DATAGRID-ES/O=CNB/CN=host/mallarme.cnb.uam.es
verify return:1
notBefore=Mar 17 12:02:17 2005 GMT
notAfter=Mar 17 12:02:17 2006 GMT
> accept_sec_context.c:305: gss_accept_sec_context: Error during
> delegation: Delegation protocol violationFailure: GSS failed
I guess this is due to the fact that the protocol used by the
gatekeeper is close but not quite the same as the HTTPS protocol
(it's HTTPG, which is HTTPS + a delegation bit). Can't check
because of a bad network connection here at GGF :-(((
Cheers,
DavidG,
Thorpe, MS (Matt) wrote:
> -----Original Message-----
> From: Distribution list for GOCDB admin staff
> [mailto:[log in to unmask]] On Behalf Of David Garcia
> Aristegui [mailto:[log in to unmask]]
> Sent: 06 October 2005 2:31 PM
> To: [log in to unmask]
> Subject: Doubt about host certificate and GK
>
>
> Hello, we are installing LCG 2.6 in our machines, and we have a problem
> with the Gate-keeper.
>
> tail globus-gatekeeper.log
> (...)
> GSS authentication failure
> GSS Major Status: General failure
> GSS Minor Status Error Chain:
> accept_sec_context.c:305: gss_accept_sec_context: Error during
> delegation: Delegation protocol violationFailure: GSS failed
> Major:000d0000 Minor:00000001 Token:00000000
> Failure: GSS failed Major:000d0000 Minor:00000001 Token:00000000
>
> This kind of probles are related with the host certificate, could you
> tell me if is this true?
>
> In our CE...
> [root@mallarme]# openssl s_client -ssl3 -connect
> mallarme.cnb.uam.es:2119 | openssl x509 -noout -dates
> depth=1 /C=ES/O=DATAGRID-ES/CN=DATAGRID-ES CA
> verify error:num=19:self signed certificate in certificate chain verify
> return:0 notBefore=Mar 17 12:02:17 2005 GMT notAfter=Mar 17 12:02:17
> 2006 GMT
>
> Is valid our certificate? i think is correct, could you help me with the
>
> GK error, please?
>
> Thank you in advaned.
--
David Groep
** National Institute for Nuclear and High Energy Physics, PDP/Grid group **
** Room: H1.56 Phone: +31 20 5922179, PObox 41882, NL-1009DB Amsterdam NL **
|