Make sure you have also rerun fetch_crl as well.
Brian
2008/6/3 David Robson <[log in to unmask]>:
> We've encountered problems after upgrading the certificates on our CE, SE
> and MON boxes
>
> For example, globus_url_copy gives the following problem ...
>
> init_sec_context.c:171: gss_init_sec_context: SSLv3 handshake problems
> globus_i_gsi_gss_utils.c:881: globus_i_gsi_gss_handshake: Unable to verify
> remote side's credentials
> globus_i_gsi_gss_utils.c:854: globus_i_gsi_gss_handshake: SSLv3 handshake
> problems: Couldn't do ssl handshake
> OpenSSL Error: s3_clnt.c:840: in library: SSL routines, function
> SSL3_GET_SERVER_CERTIFICATE: certificate verify failed
> globus_gsi_callback.c:351: globus_i_gsi_callback_handshake_callback: Could
> not verify credential
> globus_gsi_callback.c:443: globus_i_gsi_callback_cred_verify: Could not
> verify credential: self signed certificate in certificate chain
>
>
> We installed the certificates and keys from UK E-Science to the following
> locations.
>
> SE
>
> /etc/grid-security/hostcert.pem
> /etc/grid-security/hostkey.pem
> /opt/glite/var/rgma/.certs/hostcert.pem
> /opt/glite/var/rgma/.certs/hostkey.pem
> /etc/grid-security/dpmmgr/dpmcert.pem
> /etc/grid-security/dpmmgr/dpmkey.pem
>
> CE
>
> /etc/grid-security/hostcert.pem
> /etc/grid-security/hostkey.pem
> /opt/glite/var/rgma/.certs/hostcert.pem
> /opt/glite/var/rgma/.certs/hostkey.pem
>
> MON
>
> /etc/grid-security/hostcert.pem
> /etc/grid-security/hostkey.pem
> /opt/glite/var/rgma/.certs/hostcert.pem
> /opt/glite/var/rgma/.certs/hostkey.pem
> /etc/tomcat5/hostcert.pem
> /etc/tomcat5/hostkey.pem
>
> All files are owned by root:root. The permissions on the certificates are
> 644
> and on the keys,400. We can use grid-cert-info to verify that the
> certificates
> are for the correct machine, and are current. We have re-configured with
> yaim
> and even rebooted.
>
> What are we missing?? We are running glite 3.0 on these service nodes, and
> have lcg-CA-1.21-1 installed
>
> Thanks in advance
>
> Dave
>
>
>
>
>
> --
> David Robson
>
> CODAS & IT Department, UKAEA Culham
> Culham Science Centre, Abingdon, OXON, OX14 3DB, UK
> Voice: +44(0)1235-46-4569, Fax: 4404
> Work email: [log in to unmask]
> Home email: [log in to unmask]
>
|