 |
 |
Hi all, We're having the weirdest problem. We've just been renewing some host certificates for existing machines, and getting some new certificates for new machines. Mostly that's fine, except on service nodes where the server process that uses the certificate is written in Java, where we're getting failures with this error: Caused by: java.security.cert.CertificateException: Identity reading failed: null (mostly along with other consequent errors, and a total failure to work). So far we've seen this on a Cream CE and an Argus server. The really odd thing is that if we take one of our old host certificates which are still valid for a few days, and use that instead, then the services start just fine; indeed even if we use the CE's old certificate on the Argus server it's enough to get it to start (though clearly the DN and the hostname would fail to match if anyone actually tried using it). I've also tried copying the recently issued host certificate from one of our fully working lcg-CEs onto the Argus server, and the exact same certificate that works on the former fails in exactly this manner on the latter. At this point I'm fairly convinced that there's a problem between the Java libraries and recently issued host certs, bizarre though that seems. So, my questions are: - Does anyone have a cream CE or argus server running with a certificate issued in the last few (say, two to four) weeks? - Did something change at the CA at about that time (Jens?)? - Does anyone have the foggiest idea what could possibly be going on? Ewan