I'm trying to configure the pool storage for UKI-SCOTGRID-ECDF, on an SL4
64bit system.
However, yaim seems to get very upset with certificate-based authentication
processes - the config_mkgridmap step returns lots of
voms
search(https://voms.cern.ch:8443/voms/atlas/services/VOMSCompatibility?method=getGridmapUsers&container=%2Fatlas%2FRole%3Dproduction):
Can't connect to voms.cern.ch:8443 (SSL connect attempt failed because of
handshake problemserror:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert
bad certificate)
kind of errors, for a start.
However!
openssl s_client -connect voms.cern.ch:8443 -cert
/etc/grid-security/hostcert.pem -key /etc/grid-security/hostkey.pem -CApath
/etc/grid-security/certificates/
works, with no authentication problems with the SSL handshake!
The environment seems to be being set up correctly - certainly, yaim is
getting the certificate and CA certificate locations correct, and
openssl verify -CApath /etc/grid-security/certificates hostcert.pem
confirms that the hostcert is valid.
I have version 4.7.0 of lcg-vomscerts installed, and version 1.18 of lcg-CA,
so it looks like those are also up to date...
Does anyone have any ideas?
|