Dear All, Further probing reveals that the following command may be cause of problem: /usr/bin/wget --no-cache --no-check-certificate -q -t 3 -T 30 -O /tmp/crl-dg.t32568 http://ca.grid-support.ac.uk/pub/crl/ca-crl.der\n fetch-crl[30740]: 20080923T103658+0600 verify failed for CRL issued by 'UK e-Science CA (367b75c3)' (Error getting CRL issuer certificate) Any Solution? Cheers, Asif Osman -----Original Message----- From: LHC Computer Grid - Rollout on behalf of Asif Osman Sent: Tue 9/23/2008 5:36 AM To: [log in to unmask] Subject: Re: [LCG-ROLLOUT] SSL negotiation failed Dear All, To my previous email, I am adding some more information. Upgrading our site to glite 3.1 with latest release 31 resulted in the following error: [root@ce certificates]# [root@ce scripts]# /opt/edg/sbin/edg-mkgridmap --output=/etc/grid-security/grid-mapfile --safe voms search(https://voms.cern.ch:8443/voms/alice/services/VOMSCompatibility?method=getGridmapUsers&container=%2Falice): SSL negotiation failed: error:1406D0CB:SSL routines:GET_SERVER_HELLO:peer error no cipher The CRL file 367b75c3.r0 is not updated properly, despite running fetch-crl several times. Signature Algorithm: md5WithRSAEncryption Issuer: /C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA Last Update: Aug 13 15:41:37 2008 GMT Next Update: Sep 12 15:41:37 2008 GMT Last time, we solved the problem by introducting the option "--no-cache" in script /usr/sbin/fetch-crl: wgetAdditionalOptions="--no-cache" # require valid server cert but this time even this trick does not work. Any idea? Cheers, Asif Osman -----Original Message----- From: LHC Computer Grid - Rollout on behalf of Asif Osman Sent: Tue 9/23/2008 4:51 AM To: [log in to unmask] Subject: [LCG-ROLLOUT] SSL negotiation failed Dear All, We are getting SSL negotiatin problem with voms server after latest upgrade: voms search(https://voms.cern.ch:8443/voms/cms/services/VOMSCompatibility?method=getGridmapUsers&container=%2Fcms%2FRole%3Dproduction): SSL negotiation failed: error:1406D0CB:SSL routines:GET_SERVER_HELLO:peer error no cipher Please help in fixing this problem. Cheers, Asif Osman info