On Wed, 22 Apr 2009, Adrian Sevcenco wrote:
> Del Cano Novales, C (Cristina) wrote:
>> Hi Adrian,
> Hi,
>
>> I'm guessing you renewed this certificate recently... Did you copy the
> Good guess :D :)
>
>> new certificate both to /etc/grid-security/ AND to /etc/tomcat5?
> well... no .. i wasn't aware that it is need it .. i imagined that this
> is done by yaim ... and as it looks, it was done so :
It happened to me fairly recently, but I've not had time to check if it
was YAIM or something local that cocked up:
I added the updated certificate and re-ran YAIM, and the MON box seemed to
work and pass tests (rgma-client-check, etc.), but I discovered quite a
few days later that APEL publishing was failing because one set of copies
of the certificate hadn't been updated.
Try:
ls -l /etc/tomcat5/host*
ls -l /etc/grid-security/host*
ls -l /opt/glite/var/rgma/.certs/host*
and make sure all have the right permissions and are the current
certificate.
>> 2009-04-22 12:55:49,587 [main] FATAL
>> org.glite.security.trustmanager.ContextWrapper - The credentials reading
>> failed: certificate expired on 20090321120443GMT+00:00
>> 2009-04-22 12:55:49,587 [main] FATAL
>> org.glite.security.trustmanager.ContextWrapper - ContextWrapper
>> initialization failed: certificate expired on 20090321120443GMT+00:00
>> Wed Apr 22 09:55:49 UTC 2009: apel-publisher - program aborted
>> org.glite.apel.core.ApelException: org.glite.apel.core.ApelException:
>> org.glite.rgma.RGMASecurityException: Client certificate error:
>> certificate expired on 20090321120443GMT+00:00
That's similar to what I saw.
Thanks
Henry
--
Dr. Henry Nebrensky [log in to unmask]
http://people.brunel.ac.uk/~eesrjjn
"The opossum is a very sophisticated animal.
It doesn't even get up until 5 or 6 p.m."
|