> -----Original Message-----
> From: Testbed Support for GridPP member institutes [mailto:TB-
> [log in to unmask]] On Behalf Of Ewan MacMahon
>
> on service nodes where the server process that uses the certificate
> is written in Java, where we're getting failures with this error:
>
> Caused by: java.security.cert.CertificateException: Identity reading
> failed: null
>
Just a quick update on this - we've still got some details to nail
down, but we think we basically know what's happening. The problem
isn't with recently issued certificates, it's with my conversion
of the certificate from the browser-exported .p12 file to the separate
cert and key .pem files that the services use.

I converted the certificates on my desktop machine which runs
Fedora 12, which has OpenSSL 1.0, rather than the considerably more
common 0.9.8 version. There has been a deliberate change in the
default file format used to store the private keys introduced in the
new OpenSSL, and it appears that the Java-based services don't like
the new format.

The problem won't affect anyone that converts their certificates
on a system that has the older OpenSSL, so it should have fairly
limited impact, at least for now, though notably the recent RHEL 6
beta does include OpenSSL 1.0.

Ewan
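
A check for the situation described in this message, added here as an example and not part of the original post: it reports which key .pem files are not in the older private-key format. It assumes the OpenSSL 1.0 change is the switch to PKCS#8 `BEGIN PRIVATE KEY` headers in place of the traditional `BEGIN RSA PRIVATE KEY`; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumption: the OpenSSL 1.0 format change is PKCS#8
# ("BEGIN PRIVATE KEY") replacing the traditional "BEGIN RSA PRIVATE KEY".

# Print the format of the first private key block in file $1.
# Searches the whole file because .p12 exports put "Bag Attributes"
# lines ahead of the PEM header; strips CR for files with CRLF endings.
key_pem_format() {
    hdr=$(grep -m1 -e '^-----BEGIN .*PRIVATE KEY-----' "$1" 2>/dev/null | tr -d '\r')
    case "$hdr" in
        '-----BEGIN RSA PRIVATE KEY-----')       echo traditional-rsa ;;
        '-----BEGIN PRIVATE KEY-----')           echo pkcs8 ;;
        '-----BEGIN ENCRYPTED PRIVATE KEY-----') echo pkcs8-encrypted ;;
        '')                                      echo no-key ;;
        *)                                       echo other ;;
    esac
}

# Report every file in "$@" that is not traditional-format; return 1 if any.
audit_keys() {
    bad=0
    for f in "$@"; do
        fmt=$(key_pem_format "$f")
        if [ "$fmt" != traditional-rsa ]; then
            echo "$f: $fmt"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed sample files (placeholder bodies, no real key material).
make_samples() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'PLACEHOLDER' \
        '-----END RSA PRIVATE KEY-----' > "$1/old.pem"
    printf '%s\n' 'Bag Attributes' '    friendlyName: constructed sample' \
        'Key Attributes: <No Attributes>' '-----BEGIN PRIVATE KEY-----' \
        'PLACEHOLDER' '-----END PRIVATE KEY-----' > "$1/new.pem"
    printf '%s\r\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'PLACEHOLDER' \
        '-----END ENCRYPTED PRIVATE KEY-----' > "$1/enc.pem"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'PLACEHOLDER' \
        '-----END CERTIFICATE-----' > "$1/cert.pem"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
audit_keys "$demo_dir"/*.pem || echo "keys above need re-exporting in the older format"
```

On a machine with OpenSSL 1.0, `openssl rsa -in new.pem -out old-style.pem` rewrites a flagged RSA key with the traditional header.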