Del Cano Novales, C (Cristina) wrote: > Hi Adrian, Hi, > I'm guessing you renewed this certificate recently... Did you copy the Good guess :D :) > new certificate both to /etc/grid-security/ AND to /etc/tomcat5? well... no .. i wasn't aware that it is need it .. i imagined that this is done by yaim ... and as it looks, it was done so : [root@grid01 tomcat5]# openssl verify /etc/tomcat5/hostcert.pem /etc/tomcat5/hostcert.pem: OK Is there any other place that i should check? Thanks you, Adrian > Cheers, > > Cristina > > -----Original Message----- > From: LHC Computer Grid - Rollout [mailto:[log in to unmask]] On > Behalf Of Adrian Sevcenco > Sent: 22 April 2009 11:01 > To: [log in to unmask] > Subject: [LCG-ROLLOUT] apel-publisher :: certificate expired > > Hi, > I have a problem with apel-publisher : it reports that i have an expired > certificate (which i do not). The log is below... > I tried to reconfigure all services and i checked the certificate ... > [root@grid01 grid-security]# openssl verify hostcert.pem > hostcert.pem: OK > everything seems ok ... i don't know what to try next .. > > the only thing that caught my eye is : > at > org.bouncycastle.jce.provider.X509CertificateObject.checkValidity(Unknow > n > Source) > > Have somebody any idea about what is going on? > > Thanks, > Adrian > > The log : > > 2009-04-22 12:55:49,587 [main] FATAL > org.glite.security.trustmanager.ContextWrapper - The credentials reading > failed: certificate expired on 20090321120443GMT+00:00 > 2009-04-22 12:55:49,587 [main] FATAL > org.glite.security.trustmanager.ContextWrapper - ContextWrapper > initialization failed: certificate expired on 20090321120443GMT+00:00 > Wed Apr 22 09:55:49 UTC 2009: apel-publisher - program aborted > org.glite.apel.core.ApelException: org.glite.apel.core.ApelException: > org.glite.rgma.RGMASecurityException: Client certificate error: > certificate expired on 20090321120443GMT+00:00 > at > org.glite.apel.publisher.AccountPublisher.<init>(AccountPublisher.java:1 > 77) > at > org.glite.apel.publisher.AccountManager.run(AccountManager.java:130) > at > org.glite.apel.publisher.ApelPublisher.runJoinProcessor(ApelPublisher.ja > va:121) > at > org.glite.apel.publisher.ApelPublisher.run(ApelPublisher.java:69) > at > org.glite.apel.publisher.ApelPublisher.main(ApelPublisher.java:238) > Caused by: org.glite.apel.core.ApelException: > org.glite.rgma.RGMASecurityException: Client certificate error: > certificate expired on 20090321120443GMT+00:00 > at > org.glite.apel.publisher.AccountPublisher.createResilientPrimaryProducer > (AccountPublisher.java:192) > at > org.glite.apel.publisher.AccountPublisher.<init>(AccountPublisher.java:1 > 74) > ... 4 more > Caused by: org.glite.rgma.RGMASecurityException: Client certificate > error: certificate expired on 20090321120443GMT+00:00 > at > org.edg.info.ServletConnection.setupHTTPS(ServletConnection.java:200) > at > org.edg.info.ServletConnection.setupSecurity(ServletConnection.java:180) > at > org.edg.info.ServletConnection.connect(ServletConnection.java:498) > at > org.edg.info.ServletConnection.connect(ServletConnection.java:401) > at > org.edg.info.ServletConnection.sendCommand(ServletConnection.java:443) > at > org.glite.rgma.stubs.ProducerFactoryStub.createInstance(ProducerFactoryS > tub.java:165) > at > org.glite.rgma.stubs.ProducerFactoryStub.createPrimaryProducer(ProducerF > actoryStub.java:76) > at > org.glite.rgma.stubs.ProducerFactoryStub.createPrimaryProducer(ProducerF > actoryStub.java:219) > at > org.glite.apel.publisher.AccountPublisher.createResilientPrimaryProducer > (AccountPublisher.java:189) > ... 5 more > Caused by: java.security.cert.CertificateExpiredException: certificate > expired on 20090321120443GMT+00:00 > at > org.bouncycastle.jce.provider.X509CertificateObject.checkValidity(Unknow > n > Source) > at > org.bouncycastle.jce.provider.X509CertificateObject.checkValidity(Unknow > n > Source) > at > org.glite.security.trustmanager.ContextWrapper.initKeyManagers(ContextWr > apper.java:465) > at > org.glite.security.trustmanager.ContextWrapper.init(ContextWrapper.java: > 394) > at > org.glite.security.trustmanager.ContextWrapper.<init>(ContextWrapper.jav > a:246) > at > org.glite.security.trustmanager.TimedOutContextWrapper.<init>(TimedOutCo > ntextWrapper.java:41) > at > org.edg.info.ServletConnection.setupHTTPS(ServletConnection.java:189) > ... 13 more