Hi Alison,
Thanks for the clarifications. I have created the GGUS ticket as you suggested:
https://ggus.eu/ws/ticket_info.php?ticket=95560
Cheers,
Luke
On 9 July 2013 15:09, Alison Packer <[log in to unmask]> wrote:
> Hi,
> Sorry I was out yesterday so have only just seen this exchange of emails. The message "No server certificate supplied" is not bad and you can ignore it but you should also comment the line:
> server_cert: /etc/grid-security/hostcert.pem
>
> in /etc/apel/sender.cfg as the certificate you would need is the receiving server's certificate - so you have the wrong certificate referenced in the sender.cfg file at the moment. This option has been left in from the previous version of the client package but is NOT needed as the new APEL client encrypts messages without you needing to set this. (We will work on improving the logging so this statement does not cause this confusion in a future version.)
>
> I should also point out that this request for help is about EMI 3 version of APEL, Sam's response is referring to the configuration options for the EMI 2 version of APEL. The EMI 3 version is configured differently and does not use yaim.
>
> We are not receiving records from Bristol in the new server so please open a GGUS ticket so we can help sort out the remaining issues and track the progress there.
>
> Thanks,
> Alison
>
>
>
> -----Original Message-----
> From: Testbed Support for GridPP member institutes [mailto:[log in to unmask]] On Behalf Of L Kreczko
> Sent: 08 July 2013 15:30
> To: [log in to unmask]
> Subject: Re: Bristol APEL: "No server certificate supplied"? ce03+4 yellow; no fetch-crl
>
> Hi Sam,
>
> Thanks for the response.
>>>
>>> What does "No server certificate supplied" mean & is it bad? lcgmon02
>>> def has valid host certificates.
>>
>>
>> I believe that that bit is a red herring - this means that APEL
>> Encrypted DN publishing isn't enabled. This is not a critical matter
>> (although I believe that everyone is supposed to enable it -
>> supposedly you just need to set the YAIM site-info option
>> APEL_PUBLISH_USER_DN=yes). That said, I think the server cert
>> mentioned is supposed to be the hostcert, so it does seem odd that it isn't using it, if it was configured with the relevant option on...
>>
>> Sam
>
> I have set
> server_cert: /etc/grid-security/hostcert.pem in /etc/apel/sender.cfg
>
> and it is encrypting the messages now.
>
> The only remaining problem is
> (http://goc-accounting.grid-support.ac.uk/rss/UKI-SOUTHGRID-BRIS-HEP_Pub.html):
> org.apel.APEL-Pub WARNING 07-08-2013 02:10:04 17d 21h 9m 33s 2/2
> goc-accounting.grid-support.ac.uk: WARN [ last published 24 days ago:
> 2013-06-13 ]
>
> Cheers,
> Luke
>
> --
> ******************************************************
> Lukasz Kreczko +44 (0)117 928 8724
> CMS Group
> School of Physics
> University of Bristol
> ******************************************************
> --
> Scanned by iCritical.
--
******************************************************
Lukasz Kreczko +44 (0)117 928 8724
CMS Group
School of Physics
University of Bristol
******************************************************
|