Almost the same results
[root@mallarme log]# openssl s_client -ssl3 -connect
mallarme.cnb.uam.es:2119 -CApath /etc/grid-security/certificates |
openssl x509 -noout -dates
depth=1 /C=ES/O=DATAGRID-ES/CN=DATAGRID-ES CA
verify return:1
depth=0 /C=ES/O=DATAGRID-ES/O=CNB/CN=host/mallarme.cnb.uam.es
verify return:1
notBefore=Mar 17 12:02:17 2005 GMT
notAfter=Mar 17 12:02:17 2006 GMT
And yes, the DataGrid-ES CA file (13eab55e.0) is present in
/etc/grid-security/certificates
[root@mallarme certificates]# ls -l 13eab55e.0
-rw-r--r-- 1 root root 1310 Oct 21 2004 13eab55e.0
Any ideas? Thank you in advanced.
David Groep wrote:
> Hi,
>
> > In our CE...
> > [root@mallarme]# openssl s_client -ssl3 -connect
> > mallarme.cnb.uam.es:2119 | openssl x509 -noout -dates
> > depth=1 /C=ES/O=DATAGRID-ES/CN=DATAGRID-ES CA
> > verify error:num=19:self signed certificate in certificate chain verify
> > return:0 notBefore=Mar 17 12:02:17 2005 GMT notAfter=Mar 17 12:02:17
> > 2006 GMT
>
> You will need to provide a "-CApath /etc/grid-security/certificates"
> option to openssl s_client as well, and make sure that the
> DataGrid-ES CA file (13eabb55e.0) is present in that directory.
>
> What error do you get in that case?
> I got:
>
> tbn12:davidg:1002$ openssl s_client -ssl3 -connect
> mallarme.cnb.uam.es:2119 -CApath /etc/grid-security/certificates |
> openssl x509 -noout -dates
> depth=1 /C=ES/O=DATAGRID-ES/CN=DATAGRID-ES CA
> verify return:1
> depth=0 /C=ES/O=DATAGRID-ES/O=CNB/CN=host/mallarme.cnb.uam.es
> verify return:1
> notBefore=Mar 17 12:02:17 2005 GMT
> notAfter=Mar 17 12:02:17 2006 GMT
>
>
> > accept_sec_context.c:305: gss_accept_sec_context: Error during
> > delegation: Delegation protocol violationFailure: GSS failed
>
> I guess this is due to the fact that the protocol used by the
> gatekeeper is close but not quite the same as the HTTPS protocol
> (it's HTTPG, which is HTTPS + a delegation bit). Can't check
> because of a bad network connection here at GGF :-(((
>
> Cheers,
> DavidG,
>
>
> Thorpe, MS (Matt) wrote:
>
>> -----Original Message-----
>> From: Distribution list for GOCDB admin staff
>> [mailto:[log in to unmask]] On Behalf Of David Garcia
>> Aristegui [mailto:[log in to unmask]]
>> Sent: 06 October 2005 2:31 PM
>> To: [log in to unmask]
>> Subject: Doubt about host certificate and GK
>>
>>
>> Hello, we are installing LCG 2.6 in our machines, and we have a
>> problem with the Gate-keeper.
>>
>> tail globus-gatekeeper.log
>> (...)
>> GSS authentication failure
>> GSS Major Status: General failure
>> GSS Minor Status Error Chain:
>> accept_sec_context.c:305: gss_accept_sec_context: Error during
>> delegation: Delegation protocol violationFailure: GSS failed
>> Major:000d0000 Minor:00000001 Token:00000000
>> Failure: GSS failed Major:000d0000 Minor:00000001 Token:00000000
>>
>> This kind of probles are related with the host certificate, could you
>> tell me if is this true?
>>
>> In our CE...
>> [root@mallarme]# openssl s_client -ssl3 -connect
>> mallarme.cnb.uam.es:2119 | openssl x509 -noout -dates
>> depth=1 /C=ES/O=DATAGRID-ES/CN=DATAGRID-ES CA
>> verify error:num=19:self signed certificate in certificate chain verify
>> return:0 notBefore=Mar 17 12:02:17 2005 GMT notAfter=Mar 17 12:02:17
>> 2006 GMT
>>
>> Is valid our certificate? i think is correct, could you help me with the
>>
>> GK error, please?
>>
>> Thank you in advaned.
>
>
>
|