i run this manually:
/opt/edg/etc/cron/edg-fetch-crl-cron >> /var/log/edg-fetch-crl-cron.log 2>&1
this is the /var/log/edg-fetch-crl-cron.log
edg-fetch-crl: [2005/11/03-05:03:32] could not download a valid file from
'https://swisssign.net/cgi-bin/authority/crl?into=file&ca=Silver'
edg-fetch-crl: [2005/11/03-10:57:15] verify failed for CRL issued by
'/CN=SWITCH' (verify failure)
edg-fetch-crl: [2005/11/03-16:57:16] verify failed for CRL issued by
'/CN=SWITCH' (verify failure)
edg-fetch-crl: [2005/11/03-22:57:28] verify failed for CRL issued by
'/CN=SWITCH' (verify failure)
edg-fetch-crl: [2005/11/04-04:57:17] verify failed for CRL issued by
'/CN=SWITCH' (verify failure)
edg-fetch-crl: [2005/11/04-10:57:12] verify failed for CRL issued by
'/CN=SWITCH' (verify failure)
edg-fetch-crl: [2005/11/04-16:58:00] verify failed for CRL issued by
'/CN=SWITCH' (verify failure)
edg-fetch-crl: [2005/11/04-22:57:24] verify failed for CRL issued by
'/CN=SWITCH' (verify failure)
edg-fetch-crl: [2005/11/05-04:58:54] could not download a valid file from
'https://gridca.ihep.ac.cn/crl/cacrl.pem'
edg-fetch-crl: [2005/11/05-04:58:55] verify failed for CRL issued by
'/CN=SWITCH' (verify failure)
edg-fetch-crl: [2005/11/05-10:58:36] could not download a valid file from
'https://gridca.ihep.ac.cn/crl/cacrl.pem'
edg-fetch-crl: [2005/11/05-10:58:36] verify failed for CRL issued by
'/CN=SWITCH' (verify failure)
/usr/bin/wget: unrecognized option
`--ca-directory=/etc/grid-security/certificates'
Usage: wget [OPTION]... [URL]...
Try `wget --help' for more options.
/usr/bin/wget: unrecognized option
`--ca-directory=/etc/grid-security/certificates'
Usage: wget [OPTION]... [URL]...
Try `wget --help' for more options.
/usr/bin/wget: unrecognized option
`--ca-directory=/etc/grid-security/certificates'
Usage: wget [OPTION]... [URL]...
my /etc/cron.d/edg-fetch-crl
PATH=/sbin:/bin:/usr/sbin:/usr/bin
14 8,14,20,2 * * * root /opt/edg/etc/cron/edg-fetch-crl-cron >>
/var/log/edg-fetch-crl-cron.log 2>&1
regards
xristos
> On Sun, 27 Nov 2005, Filippidis christos wrote:
>
>> hi again,
>>
>> after sending a lot of sft jobs to xg009.inp.demokritos.gr [...]
>
> I cannot even send 1 job:
>
> -----------------------------------------------------------------------------
> $ globus-job-run xg009.inp.demokritos.gr /usr/bin/pbsnodes -a
> GRAM Job submission failed because authentication failed:
> GSS Major Status: Authentication Failed
> GSS Minor Status Error Chain:
>
> init.c:499: globus_gss_assist_init_sec_context_async: Error during context
> initialization
> init_sec_context.c:171: gss_init_sec_context: SSLv3 handshake problems
> globus_i_gsi_gss_utils.c:888: globus_i_gsi_gss_handshake:
> Unable to verify remote side's credentials
> globus_i_gsi_gss_utils.c:854: globus_i_gsi_gss_handshake:
> SSLv3 handshake problems: Couldn't do ssl handshake
> OpenSSL Error: s3_pkt.c:1046: in library: SSL routines, function
> SSL3_READ_BYTES:
> sslv3 alert certificate expired (error code 7)
> -----------------------------------------------------------------------------
>
> As usual, globus-url-copy gives more details:
>
> -----------------------------------------------------------------------------
> $ globus-url-copy file:/etc/group
> gsiftp://xg009.inp.demokritos.gr/tmp/test.$$
> error: the server sent an error response: 535 535-FTPD GSSAPI error:
> GSS Major Status: Authentication Failed
> 535-FTPD GSSAPI error: GSS Minor Status Error Chain:
> 535-FTPD GSSAPI error:
> 535-FTPD GSSAPI error: accept_sec_context.c:170: gss_accept_sec_context:
> SSLv3 handshake problems
> 535-FTPD GSSAPI error: globus_i_gsi_gss_utils.c:881:
> globus_i_gsi_gss_handshake:
> Unable to verify remote side's credentials
> 535-FTPD GSSAPI error: globus_i_gsi_gss_utils.c:854:
> globus_i_gsi_gss_handshake:
> SSLv3 handshake problems: Couldn't do ssl handshake
> 535-FTPD GSSAPI error: OpenSSL Error: s3_srvr.c:1816: in library: SSL
> routines,
> function SSL3_GET_CLIENT_CERTIFICATE: no certificate returned
> 535-FTPD GSSAPI error: globus_gsi_callback.c:351:
> globus_i_gsi_callback_handshake_callback: Could not verify credential
> 535-FTPD GSSAPI error: globus_gsi_callback.c:477:
> globus_i_gsi_callback_cred_verify: Could not verify credential
> 535-FTPD GSSAPI error: globus_gsi_callback.c:769:
> globus_i_gsi_callback_check_revoked: Invalid CRL: The available CRL has
> expired
> 535 FTPD GSSAPI error: accepting context
> -----------------------------------------------------------------------------
>
> So, some CRL has expired. I verified the CRL for HellasGrid was OK on my
> UI,
> so I suspect on your CE the CRL for CERN has expired.
> Please run the fetch-crl cron job manually and verify its results.
>
>
Christos Filippidis
NCSR DEMOKRITOS
Institute of Nuclear Physics
office block 6(ktirion 6)
Gr-15310 Agia Paraskevi
GREECE
Tel:2106503425
http://consult.cern.ch/xwho/people/117002
http://www.inp.demokritos.gr/~filippidisx/
----------------------------------------------
"Institute of Nuclear Physics NCSR Demokritos"
http://www.inp.demokritos.gr/
|