 |
 |
Hi Brian, > Yves, this problem is normally associated with the client and server > not being on the same version ( ie have you upgraded both the UI and > the CE to the same version of lcg-CA ?) ( thank Jens for the info) The problem with this is that all jobs submitted from non updated UI will fail. Bristol sarted failing SAM tests... What is the depth of the CA verification chain of various grid services? I would have naively thought that if the CA root were compromised and a new root CA issued, then the whole CA verification chain would fail? Yves > Regards > Brian > > On 19/05/2008, Yves Coppens <[log in to unmask]> wrote: >> Hello all, >> >> Latest LCG-CA update broke Bristol site. Problems (example below) >> disappeared as soon as we restored lcg-CA-1.20-1. >> >> It seems there is problem with latest UKeScience Root CA? >> >> Winnie & Yves >> >> $ globus-job-run lcgce01.phy.bris.ac.uk /bin/hostname >> GRAM Job submission failed because authentication failed: >> GSS Major Status: Authentication Failed >> GSS Minor Status Error Chain: >> >> init.c:499: globus_gss_assist_init_sec_context_async: Error >> during context initialization >> init_sec_context.c:171: gss_init_sec_context: SSLv3 handshake problems >> globus_i_gsi_gss_utils.c:881: globus_i_gsi_gss_handshake: Unable to verify >> remote side's credentials >> globus_i_gsi_gss_utils.c:854: globus_i_gsi_gss_handshake: SSLv3 handshake >> problems: Couldn't do ssl handshake >> OpenSSL Error: s3_clnt.c:840: in library: SSL routines, function >> SSL3_GET_SERVER_CERTIFICATE: certificate verify failed >> globus_gsi_callback.c:351: >> globus_i_gsi_callback_handshake_callback: Could not verify >> credential >> globus_gsi_callback.c:443: >> globus_i_gsi_callback_cred_verify: Could not verify >> credential: self signed certificate in certificate chain (error code 7) >> >