Looks like the server certificate is not up to date on the UI or fetch-crl
is not installed or has not yet run (CRL is out of date).
Michel
--On mardi 18 septembre 2007 15:03 +0200 FAVREAU Jean-Bernard
<[log in to unmask]> wrote:
> Hi all,
>
> I've just installed a new UI from tarball files: glite-UI-3.1.0-1.tar.gz
> and glite-UI-3.1.0-1-external.tar.gz on PC SL 4.4
> I've configured the UI without errors and warnings, and start testing and
> run into the error: OpenSSL Error: s3_clnt.c:842: in library: SSL
> routines, function SSL3_GET_SERVER_CERTIFICATE: certificate verify failed
> I don't understand what's wrong or what is missing on this installation ?
>
> On the same site, the UI 3.0 PC SL 3.0.8 is working fine. (identical
> version 1.7.16 of of voms-proxy-init)
> On this new machine, SSH connections are working between the VOMS server
> and the UI. I don't find any helping information in logs files of the
> VOMS server.
>
> --> the error is:
>
> [favreau@ui2 favreau]$ voms-proxy-init -voms egeode
> Enter GRID pass phrase:
> Your identity: /C=FR/ST=Essonne/L=Massy/O=CGG/OU=IRD/CN=Jean-Bernard
> [log in to unmask]
> Cannot find file or dir: /home/favreau/.glite/vomses
> Creating temporary proxy ............................... Done
> Contacting voms.beingrid.fr.cgg.com:15001
> [/C=FR/L=Massy/O=CGG/OU=IRD/CN=voms.beingrid.fr.cgg.com/Email=voms.fr.cgg
> .com] "egeode" Failed
>
> globus_gss_assist: Error during context initialization
> OpenSSL Error: s3_clnt.c:842: in library: SSL routines, function
> SSL3_GET_SERVER_CERTIFICATE: certificate verify failed
> globus_gsi_callback_module: Could not verify credential
> globus_gsi_callback_module: Could not verify credential: self signed
> certificate in certificate chain
>
> None of the contacted servers for egeode were capable
> of returning a valid AC for the user.
>
>
> --> the version of voms-proxy-init is:
>
> [favreau@ui2 ~]$ voms-proxy-init -version
> voms-proxy-init
> Version: 1.7.16
> Compiled: Apr 23 2007 06:30:59
>
>
> [favreau@ui2 ~]$ ldd /opt/glite/bin/voms-proxy-init
> libvomsapi.so.0 => /opt/glite/lib/libvomsapi.so.0 (0x00707000)
> libglobus_gss_assist_gcc32dbg.so.0 =>
> /opt/globus/lib/libglobus_gss_assist_gcc32dbg.so.0 (0x00cd1000)
> libglobus_gssapi_gsi_gcc32dbg.so.0 =>
> /opt/globus/lib/libglobus_gssapi_gsi_gcc32dbg.so.0 (0x00c18000)
> libglobus_gsi_proxy_core_gcc32dbg.so.0 =>
> /opt/globus/lib/libglobus_gsi_proxy_core_gcc32dbg.so.0 (0x00fd7000)
> libglobus_gsi_credential_gcc32dbg.so.0 =>
> /opt/globus/lib/libglobus_gsi_credential_gcc32dbg.so.0 (0x00111000)
> libglobus_gsi_callback_gcc32dbg.so.0 =>
> /opt/globus/lib/libglobus_gsi_callback_gcc32dbg.so.0 (0x009cb000)
> libglobus_oldgaa_gcc32dbg.so.0 =>
> /opt/globus/lib/libglobus_oldgaa_gcc32dbg.so.0 (0x00120000)
> libglobus_gsi_sysconfig_gcc32dbg.so.0 =>
> /opt/globus/lib/libglobus_gsi_sysconfig_gcc32dbg.so.0 (0x00129000)
> libglobus_gsi_cert_utils_gcc32dbg.so.0 =>
> /opt/globus/lib/libglobus_gsi_cert_utils_gcc32dbg.so.0 (0x005c3000)
> libglobus_openssl_gcc32dbg.so.0 =>
> /opt/globus/lib/libglobus_openssl_gcc32dbg.so.0 (0x002bd000)
> libglobus_openssl_error_gcc32dbg.so.0 =>
> /opt/globus/lib/libglobus_openssl_error_gcc32dbg.so.0 (0x004c1000)
> libglobus_callout_gcc32dbg.so.0 =>
> /opt/globus/lib/libglobus_callout_gcc32dbg.so.0 (0x00135000)
> libglobus_proxy_ssl_gcc32dbg.so.0 =>
> /opt/globus/lib/libglobus_proxy_ssl_gcc32dbg.so.0 (0x00139000)
> libglobus_common_gcc32dbg.so.0 =>
> /opt/globus/lib/libglobus_common_gcc32dbg.so.0 (0x008f0000)
> libssl_gcc32dbg.so.0 => /opt/globus/lib/libssl_gcc32dbg.so.0
> (0x00afa000)
> libltdl_gcc32dbg.so.3 => /opt/globus/lib/libltdl_gcc32dbg.so.3
> (0x008c9000)
> libcrypto_gcc32dbg.so.0 =>
> /opt/globus/lib/libcrypto_gcc32dbg.so.0 (0x0013e000)
> libdl.so.2 => /lib/libdl.so.2 (0x00c09000)
> libexpat.so.0 => /usr/lib/libexpat.so.0 (0x00c56000)
> libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0x00ce3000)
> libm.so.6 => /lib/tls/libm.so.6 (0x00258000)
> libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x00c9a000)
> libc.so.6 => /lib/tls/libc.so.6 (0x002bf000)
> /lib/ld-linux.so.2 (0x00ac1000)
>
>
> thanks for any help, best regards, Jean-Bernard
> ----------------------------------------------------------------------
> J.B FAVREAU Massy1 B259
> CGGVéritas / GRID computing
> ----------------------------------------------------------------------
> Compagnie Générale de Géophysique Véritas
> 1 Rue Leon Migaux
> 91341 MASSY cedex FRANCE
> ----------------------------------------------------------------------
> e-mail: [log in to unmask]
> Tel: 33 1 64 47 32 12
> ----------------------------------------------------------------------
*************************************************************
* Michel Jouvin Email : [log in to unmask] *
* LAL / CNRS Tel : +33 1 64468932 *
* B.P. 34 Fax : +33 1 69079404 *
* 91898 Orsay Cedex *
* France *
*************************************************************
|