We've encountered problems after upgrading the certificates on our CE,
SE and MON boxes.

For example, globus_url_copy gives the following problem ...

init_sec_context.c:171: gss_init_sec_context: SSLv3 handshake problems
globus_i_gsi_gss_utils.c:881: globus_i_gsi_gss_handshake: Unable to 
verify remote side's credentials
globus_i_gsi_gss_utils.c:854: globus_i_gsi_gss_handshake: SSLv3 
handshake problems: Couldn't do ssl handshake
OpenSSL Error: s3_clnt.c:840: in library: SSL routines, function 
SSL3_GET_SERVER_CERTIFICATE: certificate verify failed
globus_gsi_callback.c:351: globus_i_gsi_callback_handshake_callback: 
Could not verify credential
globus_gsi_callback.c:443: globus_i_gsi_callback_cred_verify: Could not 
verify credential: self signed certificate in certificate chain


We installed the certificates and keys from UK E-Science to the 
following locations.

SE

/etc/grid-security/hostcert.pem
/etc/grid-security/hostkey.pem
/opt/glite/var/rgma/.certs/hostcert.pem
/opt/glite/var/rgma/.certs/hostkey.pem
/etc/grid-security/dpmmgr/dpmcert.pem
/etc/grid-security/dpmmgr/dpmkey.pem

CE

/etc/grid-security/hostcert.pem
/etc/grid-security/hostkey.pem
/opt/glite/var/rgma/.certs/hostcert.pem
/opt/glite/var/rgma/.certs/hostkey.pem

MON

/etc/grid-security/hostcert.pem
/etc/grid-security/hostkey.pem
/opt/glite/var/rgma/.certs/hostcert.pem
/opt/glite/var/rgma/.certs/hostkey.pem
/etc/tomcat5/hostcert.pem
/etc/tomcat5/hostkey.pem

All files are owned by root:root.  The permissions on the certificates are 644
and on the keys, 400.  We can use grid-cert-info to verify that the certificates
are for the correct machine, and are current.  We have re-configured with yaim
and even rebooted.

What are we missing??  We are running glite 3.0 on these service nodes, and have
lcg-CA-1.21-1 installed.

Thanks in advance

Dave





-- 
David Robson

CODAS & IT Department, UKAEA Culham
Culham Science Centre, Abingdon, OXON, OX14 3DB, UK
Voice: +44(0)1235-46-4569, Fax: 4404
Work email: [log in to unmask]
Home email: [log in to unmask]