On Tue, 20 Sep 2005, Eygene A. Ryabinkin wrote:
> Good day!
> Seems like the host lcg-voms.cern.ch does not have CA distribution v. 0.32,
> since I am unable to connect to it using my new certificate from RDIG CA,
Apologies for my delay. I updated the CAs on the lcg-voms.cern.ch server
now.
- maria
> signed with 2048 bit key that appeared only in 0.32 CA RPMs. The logging info
> is the following:
> -----
> # openssl s_client -host lcg-voms.cern.ch -port 8443 -key hostkey.pem -cert hostcert.pem -CApath certificates -state
> CONNECTED(00000003)
> SSL_connect:before/connect initialization
> SSL_connect:SSLv2/v3 write client hello A
> SSL_connect:SSLv3 read server hello A
> depth=1 /C=CH/O=CERN/OU=GRID/CN=CERN CA
> verify return:1
> depth=0 /C=CH/O=CERN/OU=GRID/CN=host/lcg-voms.cern.ch
> verify return:1
> SSL_connect:SSLv3 read server certificate A
> SSL_connect:SSLv3 read server key exchange A
> SSL_connect:SSLv3 read server certificate request A
> SSL_connect:SSLv3 read server done A
> SSL_connect:SSLv3 write client certificate A
> SSL_connect:SSLv3 write client key exchange A
> SSL_connect:SSLv3 write certificate verify A
> SSL_connect:SSLv3 write change cipher spec A
> SSL_connect:SSLv3 write finished A
> SSL_connect:SSLv3 flush data
> SSL3 alert read:fatal:certificate unknown
> SSL_connect:failed in SSLv3 read finished A
> 12634:error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown:s3_pkt.c:1046:SSL alert number 46
> 12634:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226:
> -----
> Could the administrators of the lcg-voms.cern.ch check and tell whether they
> have RDIG CA certificate with hash equal to 55994d72.
> I also suspect that many sites still have CA RPMs v. 0.31. I will be very
> glad if they will be able to upgrade to 0.32 distribution.
> Thanks!
>
--
Maria Dimou-Zacharova http://cern.ch/dimou
CERN, CH-1211 Geneva 23, Switzerland
[log in to unmask], Tel:+41227673356, Fax:+41227669820,+41227674900
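
The trace quoted in this thread can be read mechanically: the server chain verifies locally (`verify return:1` at both depths), the client certificate is sent, and the fatal alert is then *read*, meaning it came from the server. The following is an added example, not part of the original messages; the function name `diagnose` is hypothetical and the sample input is constructed from the quoted trace.

```python
import re

# Constructed sample: key lines from the `openssl s_client -state` trace quoted in the thread.
SAMPLE_TRACE = """\
> depth=1 /C=CH/O=CERN/OU=GRID/CN=CERN CA
> verify return:1
> depth=0 /C=CH/O=CERN/OU=GRID/CN=host/lcg-voms.cern.ch
> verify return:1
> SSL_connect:SSLv3 read server certificate request A
> SSL_connect:SSLv3 write client certificate A
> SSL_connect:SSLv3 write certificate verify A
> SSL3 alert read:fatal:certificate unknown
> SSL_connect:failed in SSLv3 read finished A
"""

ALERT_RE = re.compile(r"^SSL3 alert (read|write):(warning|fatal):(.+)$")
VERIFY_RE = re.compile(r"^verify return:(\d+)$")


def diagnose(trace: str) -> dict:
    """Report which peer raised the fatal alert and what had been sent by then."""
    info = {"server_chain_ok": None, "client_cert_sent": False,
            "alert": None, "rejected_by": None}
    for raw in trace.splitlines():
        line = raw.lstrip("> ").strip()  # tolerate mail-quoted traces
        verify = VERIFY_RE.match(line)
        alert = ALERT_RE.match(line)
        if verify:
            ok = verify.group(1) == "1"
            # Every depth of the server chain must verify locally.
            info["server_chain_ok"] = ok and info["server_chain_ok"] is not False
        elif "write client certificate" in line:
            info["client_cert_sent"] = True
        elif alert and alert.group(2) == "fatal":
            # "read" = alert received from the server; "write" = alert we sent.
            info["rejected_by"] = "server" if alert.group(1) == "read" else "client"
            info["alert"] = alert.group(3)
            break
    return info


if __name__ == "__main__":
    result = diagnose(SAMPLE_TRACE)
    print(result)
    if result["rejected_by"] == "server" and result["client_cert_sent"]:
        print("Server rejected the client certificate: check the server's CA directory.")
```
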