Hi Marteen and Michel,
Yes, CRL is up to date, CAs installed and host cert of
voms.beingrid.fr.cgg.com installed and are exactly the same as the
working UI.
Like Michel said, I think also that there is a problem with the server
certificate but I got difficulties to figure what it is.
To help you I've found that the output of openssl command line to query
the subject of the certificate is not the same on both UI
--> on the working UI 3.0/SL3 it is:
[favreau@ui1 JDL]$ openssl x509 -in
/etc/grid-security/vomsdir/voms.beingrid.fr.cgg.com.1 -dates -issuer
-noout -subject
notBefore=Nov 7 13:15:56 2006 GMT
notAfter=Nov 6 13:15:56 2011 GMT
issuer= /C=FR/ST=Essonne/L=Massy/O=CGG/OU=IRD/CN=CGG
[log in to unmask]
subject=
/C=FR/L=Massy/O=CGG/OU=IRD/CN=voms.beingrid.fr.cgg.com/Email=voms.fr.cgg.com
--> on the new UI 3.1/SL4 it is
[favreau@ui2 ~]$ openssl x509 -in
/etc/grid-security/certificates/a1508cc7.0 -dates -issuer -noout -subject
notBefore=Jul 7 15:18:51 2006 GMT
notAfter=Jul 4 15:18:51 2016 GMT
issuer= /C=FR/ST=Essonne/L=Massy/O=CGG/OU=IRD/CN=CGG
[log in to unmask]
subject= /C=FR/ST=Essonne/L=Massy/O=CGG/OU=IRD/CN=CGG
[log in to unmask]
OPENSLL version on the working UI is openssl-0.9.7a-33.21 and on the new
UI it is openssl-0.9.7a-43.16
hope it could help, J.B
Maarten Litmaath wrote:
> Maarten Litmaath wrote:
>
>> FAVREAU Jean-Bernard wrote:
>>
>>> [favreau@ui2 favreau]$ voms-proxy-init -voms egeode
>>> Enter GRID pass phrase:
>>> Your identity: /C=FR/ST=Essonne/L=Massy/O=CGG/OU=IRD/CN=Jean-Bernard
>>> [log in to unmask]
>>> Cannot find file or dir: /home/favreau/.glite/vomses
>>> Creating temporary proxy ............................... Done
>>> Contacting voms.beingrid.fr.cgg.com:15001
>>> [/C=FR/L=Massy/O=CGG/OU=IRD/CN=voms.beingrid.fr.cgg.com/Email=voms.fr.cgg.com]
>>> "egeode" Failed
>>>
>>> globus_gss_assist: Error during context initialization
>>> OpenSSL Error: s3_clnt.c:842: in library: SSL routines, function
>>> SSL3_GET_SERVER_CERTIFICATE: certificate verify failed
>>> globus_gsi_callback_module: Could not verify credential
>>> globus_gsi_callback_module: Could not verify credential: self signed
>>> certificate in certificate chain
>>
>>
>> You need to have the host cert of voms.beingrid.fr.cgg.com installed in
>> /etc/grid-security/vomsdir on the UI. Also ensure all CAs are
>> installed.
>
> In fact, that error message just means the CAs are not installed;
> the host cert is relevant for voms-proxy-info, not voms-proxy-init.
>
|