But, obviously, don't mix up mq.afroditi.hellasgrid.gr and
mq.cro-ngi.hr, like I did!
Steve
On 10/22/2015 02:37 PM, Stephen Jones wrote:
>> 2015-09-25 11:26:54,254 - client - INFO - No server certificate supplied. Will not encrypt messages.
>
> Hi Winnie,
>
> If you want to get rid of that message, find the server you're
> submitting to:
>
> # grep 'Established connection to host' /var/log/apel/client.log | tail -1
> 2015-10-22 14:19:32,571 - stomp.py - INFO - Established connection to host mq.cro-ngi.hr, port 6162
>
> Get that server's certificate with its public key:
>
> # openssl s_client -connect mq.afroditi.hellasgrid.gr:6162 -showcerts | sed -n '/BEGIN CERT/,/END CERT/p' > /etc/grid-security/servercert.pem
>
> Use vi to make /etc/apel/sender.cfg contain this line in the
> [certificates] section:
>
> server_cert: /etc/grid-security/servercert.pem
>
> The next time APEL runs, the message will be gone and the records are
> encrypted with the public key of the server (which can read them
> because it alone has the right private key.)
>
> PS: cc'ing John Gordon. John; is this right? Do we need to encrypt
> this accounting data in this way? If so I suggest this become Standard
> Operating Procedure. Pls could you let me know what you think.
>
> Cheers,
>
> Steve
>
>>
>> 2013-06-26 18:14:27,965 - client - INFO - No server certificate supplied. Will not encrypt messages.
>> ......
>> 2015-09-29 02:36:58,598 - client - INFO - No server certificate supplied. Will not encrypt messages.
>>
>> I was away June 2013 when our SL5 emi-2 APEL node died hideously
>> (actually its VMWare Server host died) & a VeryNew LCG Support person
>> rebuilt it as SL6 emi-3 on a kvm/qemu VM host. He chose the non-yaim
>> config option but did not say or document anything of what he did
>> (very sad face)
>>
>> In July 2013 I asked TB-SUPPORT about that message but the only
>> response was about emi-2 apel "and then rerun yaim", neither of which
>> was applicable. Alison Packer responded saying
>>
>>> the new APEL client encrypts messages without you needing to set
>>> this. (We will work on improving the logging so this statement does
>>> not cause this confusion in a future version.)
>> https://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=ind1307&L=TB-SUPPORT&O=D&F=&S=&X=6EF47C90AD13CAD854&P=31807
>>
>>
>> It wasn't (to me) a crystal clear answer but what with
>> ++busy/hectic/chaos had to leave it & so to this day our APEL node
>> logs about not encrypting.
>>
>> Have just had a look at the short 6-pg Version: 2.2, Date: 23.07.2013
>> APEL_Publisher_System_Administrator_Guide.pdf, & the word encrypt
>> does not appear in it.
>> So, hopefully it's harmless!!!
>
>
--
Steve Jones
Grid System Administrator office: 220
High Energy Physics Division tel (int): 43396
Oliver Lodge Laboratory tel (ext): +44 (0)151 794 3396
University of Liverpool http://www.liv.ac.uk/physics/hep/
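
An added example, not part of the original messages: a shell sketch of the procedure quoted above that takes the broker host and port from the client log and reuses that one value for the certificate fetch, so the log host and the fetched host cannot differ. It stores only the leaf certificate and checks that it chains to a local trust store before installing it. The function names, the `--fetch` argument, the `CA_DIR` default (`/etc/grid-security/certificates`) and the sample log lines are assumptions made for the example.

```sh
#!/bin/sh
# Added example (not from the thread). CA_DIR is an assumed trust-anchor path.
CA_DIR=${CA_DIR:-/etc/grid-security/certificates}

# Constructed log lines for trying last_broker offline; not real site logs.
sample_log() {
    cat <<'EOF'
2015-10-21 14:19:30,102 - stomp.py - INFO - Established connection to host mq.afroditi.hellasgrid.gr, port 6162
2015-10-21 14:19:31,007 - client - INFO - No server certificate supplied. Will not encrypt messages.
2015-10-22 14:19:32,571 - stomp.py - INFO - Established connection to host mq.cro-ngi.hr, port 6162
EOF
}

# Print "host:port" of the most recent broker connection; fail if none logged.
last_broker() {
    sed -n 's/.*Established connection to host \([^, ]*\), port \([0-9][0-9]*\).*/\1:\2/p' "$1" |
        tail -n 1 | grep .
}

# Fetch only the leaf certificate from host:port ($1), check that it chains to
# CA_DIR, then install it at $2. Without -showcerts s_client prints just the leaf.
fetch_leaf_cert() {
    tmp=$(mktemp) || return 1
    if openssl s_client -connect "$1" -servername "${1%:*}" </dev/null 2>/dev/null |
            openssl x509 -outform PEM >"$tmp" &&
        openssl verify -CApath "$CA_DIR" "$tmp" >/dev/null; then
        install -m 0644 "$tmp" "$2"; rc=$?
    else
        echo "certificate from $1 missing or not trusted via $CA_DIR" >&2; rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage: script --fetch [client.log] [output.pem]
if [ "${1:-}" = "--fetch" ]; then
    broker=$(last_broker "${2:-/var/log/apel/client.log}") || {
        echo "no broker connection found in log" >&2; exit 1; }
    echo "fetching certificate from $broker"
    fetch_leaf_cert "$broker" "${3:-/etc/grid-security/servercert.pem}"
fi
```

If the broker certificate is issued through an intermediate CA that is not in `CA_DIR`, the verify step will reject it and nothing is installed.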