Dear All,
Further probing reveals that the following command may be cause of problem:
/usr/bin/wget --no-cache --no-check-certificate -q -t 3 -T 30 -O /tmp/crl-dg.t32568 http://ca.grid-support.ac.uk/pub/crl/ca-crl.der\n
fetch-crl[30740]: 20080923T103658+0600 verify failed for CRL issued by 'UK e-Science CA (367b75c3)' (Error getting CRL issuer certificate)
Any Solution?
Cheers,
Asif Osman
-----Original Message-----
From: LHC Computer Grid - Rollout on behalf of Asif Osman
Sent: Tue 9/23/2008 5:36 AM
To: [log in to unmask]
Subject: Re: [LCG-ROLLOUT] SSL negotiation failed
Dear All,
To my previous email, I am adding some more information.
Upgrading our site to glite 3.1 with latest release 31 resulted in the following error:
[root@ce certificates]# [root@ce scripts]# /opt/edg/sbin/edg-mkgridmap --output=/etc/grid-security/grid-mapfile --safe
voms search(https://voms.cern.ch:8443/voms/alice/services/VOMSCompatibility?method=getGridmapUsers&container=%2Falice): SSL negotiation failed: error:1406D0CB:SSL routines:GET_SERVER_HELLO:peer error no cipher
The CRL file 367b75c3.r0 is not updated properly, despite running fetch-crl several times.
Signature Algorithm: md5WithRSAEncryption
Issuer: /C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA
Last Update: Aug 13 15:41:37 2008 GMT
Next Update: Sep 12 15:41:37 2008 GMT
Last time, we solved the problem by introducting the option "--no-cache" in script /usr/sbin/fetch-crl:
wgetAdditionalOptions="--no-cache" # require valid server cert
but this time even this trick does not work.
Any idea?
Cheers,
Asif Osman
-----Original Message-----
From: LHC Computer Grid - Rollout on behalf of Asif Osman
Sent: Tue 9/23/2008 4:51 AM
To: [log in to unmask]
Subject: [LCG-ROLLOUT] SSL negotiation failed
Dear All,
We are getting SSL negotiatin problem with voms server after latest upgrade:
voms search(https://voms.cern.ch:8443/voms/cms/services/VOMSCompatibility?method=getGridmapUsers&container=%2Fcms%2FRole%3Dproduction): SSL negotiation failed: error:1406D0CB:SSL routines:GET_SERVER_HELLO:peer error no cipher
Please help in fixing this problem.
Cheers,
Asif Osman
info
