Hi Jiri
We have done a quick search and it appears that your signing policy is
the only one that contains a coma separated list
"/C=CZ/O=CESNET/*","/O=CESNET/*"
This is the cause of the problem. According to Globus this should be a
space separated list, see
http://www.globus.org/toolkit/docs/4.0/security/prewsaa/Pre_WS_AA_Public
_Interfaces.html
Regards
Antony
> -----Original Message-----
> From: LHC Computer Grid - Rollout
> [mailto:[log in to unmask]] On Behalf Of Jiri Kosina
> Sent: 22 December 2005 15:35
> To: [log in to unmask]
> Subject: Re: [LCG-ROLLOUT] R-GMA authentication failed
>
>
> On Thu, 22 Dec 2005, Wilson, AJ (Antony) wrote:
>
> > We connect to your mon box ok you could try turning on
> logging on the
> > client and rerunning the client check export RGMA_API_LOGGING=DEBUG
>
> Hi Antony,
>
> thanks for your reply. I have placed the debugging output on
> http://jkosina.home.cern.ch/jkosina/RGMA.debug
>
> I guess that the reason for the error is
>
> INFO SSLVerifyCallback : Subject is not one that the signing
> policy allows
> the issuer to sign
> DEBUG SSLVerifyCallback : Bad signing policy
> INFO SSLVerifyCallback : Server certificate verification
> failure - Error
> code is 50 (application verification failure), depth is 0
>
> But I am not sure what is causing it. The certificate itself
> is fine (all
> other services, like gridftp, which are using it, work well
> between the WN
> and MON).
>
> Thanks,
>
> --
> Jiri Kosina
> Institute of Physics, Academy of sciences of the Czech Republic
>
|