[root@ce scripts]# rpm -qf /opt/edg/sbin/edg-mkgridmap
edg-mkgridmap-3.0.0-1
After now gridmap is working w/o any problem. But I used voms-proxy-init before running it.
But the second part of the problem, i.e., fetch crl is not updating /etc/grid-security/certificates/367b75c3.r0 file despite running fetch-crl script several time.
Cheers,
Asif Osman
________________________________
From: LHC Computer Grid - Rollout on behalf of Jan Just Keijser
Sent: Tue 9/23/2008 9:20 AM
To: [log in to unmask]
Subject: Re: [LCG-ROLLOUT] SSL negotiation failed
Hi Asif,
to me it seems that the fetch-crl error has little to do with the
edg-mkgridmap error. Also, the edg-mkgridmap command did not change
between release 30 and release 31, as far as I can tell. Can you run
rpm -qf /opt/edg/sbin/edg-mkgridmap
to verify that you're running
edg-mkgridmap-3.0.0-1
As for the openssl error: please be aware that you need to have a valid
certificate in order to run this command against newer VOMS server. What
happens if you run the command with
--verbose
added (this will produce quite a lot of output). I just ran the command with
--verbose --usermode
added and received no errors from the CERN voms servers.
HTH,
JJK / Jan Just Keijser
Nikhef Amsterdam
Asif Osman wrote:
> Dear All,
>
> To my previous email, I am adding some more information.
>
> Upgrading our site to glite 3.1 with latest release 31 resulted in the following error:
>
> [root@ce certificates]# [root@ce scripts]# /opt/edg/sbin/edg-mkgridmap --output=/etc/grid-security/grid-mapfile --safe
> voms search(https://voms.cern.ch:8443/voms/alice/services/VOMSCompatibility?method=getGridmapUsers&container=%2Falice): SSL negotiation failed: error:1406D0CB:SSL routines:GET_SERVER_HELLO:peer error no cipher
>
> The CRL file 367b75c3.r0 is not updated properly, despite running fetch-crl several times.
>
> Signature Algorithm: md5WithRSAEncryption
> Issuer: /C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA
> Last Update: Aug 13 15:41:37 2008 GMT
> Next Update: Sep 12 15:41:37 2008 GMT
>
> Last time, we solved the problem by introducting the option "--no-cache" in script /usr/sbin/fetch-crl:
> wgetAdditionalOptions="--no-cache" # require valid server cert
>
> but this time even this trick does not work.
>
> Any idea?
>
> Cheers,
> Asif Osman
>
>
>
> -----Original Message-----
> From: LHC Computer Grid - Rollout on behalf of Asif Osman
> Sent: Tue 9/23/2008 4:51 AM
> To: [log in to unmask]
> Subject: [LCG-ROLLOUT] SSL negotiation failed
>
> Dear All,
>
> We are getting SSL negotiatin problem with voms server after latest upgrade:
>
> voms search(https://voms.cern.ch:8443/voms/cms/services/VOMSCompatibility?method=getGridmapUsers&container=%2Fcms%2FRole%3Dproduction): SSL negotiation failed: error:1406D0CB:SSL routines:GET_SERVER_HELLO:peer error no cipher
>
>
|