Hello Jan,
On this new UI, I do have the VOMS server certificate installed:
[root@ui2 ~]# ls -l /etc/grid-security/vomsdir
-rw-r--r-- 1 root root 3517 Jan 11 2007 voms.beingrid.fr.cgg.com.1
[root@ui2 ~]# openssl x509 -in /etc/grid-security/vomsdir/voms.beingrid.fr.cgg.com.1 -dates -issuer -noout -subject
notBefore=Nov 7 13:15:56 2006 GMT
notAfter=Nov 6 13:15:56 2011 GMT
issuer= /C=FR/ST=Essonne/L=Massy/O=CGG/OU=IRD/CN=CGG
[log in to unmask]
subject=
/C=FR/L=Massy/O=CGG/OU=IRD/CN=voms.beingrid.fr.cgg.com/emailAddress=voms.fr.cgg.com
The output difference is in the e-mail field for issuer and subject:
what was "Email=" in the openssl of SL3/gLite 3.0
is now "emailAddress=" in the openssl of SL4.4/gLite 3.1.
J.B
Jan Just Keijser wrote:
> Hi Jean-Bernard,
>
> I just ran into a very similar issue: the last line
>
> [favreau@ui2 favreau]$ voms-proxy-init -voms egeode
> Enter GRID pass phrase:
> Your identity: /C=FR/ST=Essonne/L=Massy/O=CGG/OU=IRD/CN=Jean-Bernard
> [log in to unmask]
> Cannot find file or dir: /home/favreau/.glite/vomses
>
> suggests that you have not installed the voms server cert in
> /etc/grid-security/vomsdir at all (as your other openssl lines also
> suggest); please install this cert (e.g. copy it over from your SL3
> UI) and try again.
>
>
> HTH,
>
> Jan Just Keijser
> System Integrator
> Nikhef Amsterdam
>
> FAVREAU Jean-Bernard wrote:
>> Hi Maarten and Michel,
>>
>> Yes, CRL is up to date, CAs installed and host cert of
>> voms.beingrid.fr.cgg.com installed and are exactly the same as the
>> working UI.
>> Like Michel said, I also think that there is a problem with the
>> server certificate, but I have difficulty figuring out what it is.
>> To help you I've found that the output of openssl command line to
>> query the subject of the certificate is not the same on both UI
>>
>> --> on the working UI 3.0/SL3 it is:
>>
>> [favreau@ui1 JDL]$ openssl x509 -in
>> /etc/grid-security/vomsdir/voms.beingrid.fr.cgg.com.1 -dates -issuer
>> -noout -subject
>> notBefore=Nov 7 13:15:56 2006 GMT
>> notAfter=Nov 6 13:15:56 2011 GMT
>> issuer= /C=FR/ST=Essonne/L=Massy/O=CGG/OU=IRD/CN=CGG
>> [log in to unmask]
>> subject=
>> /C=FR/L=Massy/O=CGG/OU=IRD/CN=voms.beingrid.fr.cgg.com/Email=voms.fr.cgg.com
>>
>>
>>
>> --> on the new UI 3.1/SL4 it is
>> [favreau@ui2 ~]$ openssl x509 -in
>> /etc/grid-security/certificates/a1508cc7.0 -dates -issuer -noout
>> -subject
>> notBefore=Jul 7 15:18:51 2006 GMT
>> notAfter=Jul 4 15:18:51 2016 GMT
>> issuer= /C=FR/ST=Essonne/L=Massy/O=CGG/OU=IRD/CN=CGG
>> [log in to unmask]
>> subject= /C=FR/ST=Essonne/L=Massy/O=CGG/OU=IRD/CN=CGG
>> [log in to unmask]
>>
>>
>> The OpenSSL version on the working UI is openssl-0.9.7a-33.21 and on the
>> new UI it is openssl-0.9.7a-43.16
>>
>> hope it could help, J.B
>>
>>
>> Maarten Litmaath wrote:
>>> Maarten Litmaath wrote:
>>>
>>>> FAVREAU Jean-Bernard wrote:
>>>>
>>>>> [favreau@ui2 favreau]$ voms-proxy-init -voms egeode
>>>>> Enter GRID pass phrase:
>>>>> Your identity:
>>>>> /C=FR/ST=Essonne/L=Massy/O=CGG/OU=IRD/CN=Jean-Bernard
>>>>> [log in to unmask]
>>>>> Cannot find file or dir: /home/favreau/.glite/vomses
>>>>> Creating temporary proxy ............................... Done
>>>>> Contacting voms.beingrid.fr.cgg.com:15001
>>>>> [/C=FR/L=Massy/O=CGG/OU=IRD/CN=voms.beingrid.fr.cgg.com/Email=voms.fr.cgg.com]
>>>>> "egeode" Failed
>>>>>
>>>>> globus_gss_assist: Error during context initialization
>>>>> OpenSSL Error: s3_clnt.c:842: in library: SSL routines, function
>>>>> SSL3_GET_SERVER_CERTIFICATE: certificate verify failed
>>>>> globus_gsi_callback_module: Could not verify credential
>>>>> globus_gsi_callback_module: Could not verify credential: self
>>>>> signed certificate in certificate chain
>>>>
>>>>
>>>> You need to have the host cert of voms.beingrid.fr.cgg.com
>>>> installed in
>>>> /etc/grid-security/vomsdir on the UI. Also ensure all CAs are
>>>> installed.
>>>
>>> In fact, that error message just means the CAs are not installed;
>>> the host cert is relevant for voms-proxy-info, not voms-proxy-init.
>>>
>
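Added example (not part of the original thread, and not gLite or VOMS code): a small Python check that compares two one-line DN strings while treating "Email=" and "emailAddress=" as the same attribute, so the label change between the two openssl builds is not mistaken for a different certificate. The vomses line is constructed from the host, port and VO shown above, and accepting "E=" as a further label is an assumption.

```python
import re

# Labels printed for the same attribute (PKCS#9 emailAddress,
# OID 1.2.840.113549.1.9.1). "E" is an assumption covering other tools.
EMAIL_LABELS = {"email", "e", "emailaddress"}


def parse_dn(dn):
    """Split a one-line '/K=V/K=V' DN into (label, value) pairs."""
    # Split only on a '/' that begins a new 'LABEL=' component, so a
    # value that contains a plain '/' is kept whole.
    parts = re.split(r"/(?=[A-Za-z][A-Za-z0-9.]*=)", dn.strip())
    pairs = []
    for part in parts:
        if not part:
            continue
        label, _, value = part.partition("=")
        if label.lower() in EMAIL_LABELS:
            label = "emailAddress"
        pairs.append((label, value.strip()))
    return pairs


def same_dn(a, b):
    """True when two DN strings differ at most in the e-mail label."""
    return parse_dn(a) == parse_dn(b)


def vomses_dn(line):
    """Return the server DN (4th quoted field) of a vomses entry."""
    fields = re.findall(r'"([^"]*)"', line)
    if len(fields) < 5:
        raise ValueError("expected 5 quoted fields: %r" % line)
    return fields[3]


# Subject lines as printed on the two UIs in this thread.
SL3_SUBJECT = "/C=FR/L=Massy/O=CGG/OU=IRD/CN=voms.beingrid.fr.cgg.com/Email=voms.fr.cgg.com"
SL4_SUBJECT = "/C=FR/L=Massy/O=CGG/OU=IRD/CN=voms.beingrid.fr.cgg.com/emailAddress=voms.fr.cgg.com"
# Constructed vomses entry (alias, host, port, DN, VO); not from the thread.
VOMSES_LINE = '"egeode" "voms.beingrid.fr.cgg.com" "15001" "' + SL3_SUBJECT + '" "egeode"'

if __name__ == "__main__":
    print(SL3_SUBJECT == SL4_SUBJECT)                    # raw string compare
    print(same_dn(SL3_SUBJECT, SL4_SUBJECT))             # label-normalised compare
    print(same_dn(vomses_dn(VOMSES_LINE), SL4_SUBJECT))  # vomses DN vs. SL4 output
```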