Thanks, that was it, I've changed the ownership of vomscert and vomskey, and it works now.
cheers
Gianfranco
On 30 May 2014, at 12:23, Robert Frank wrote:
> The file locations and permissions look ok (unless you've changed the defaults).
> Are vomscert.pem/vomskey.pem owned by the voms user or by root? As of EMI3, the voms processes run as the voms user by default and not as root. If you changed the owner of vomscert.pem/vomskey.pem from voms to root when you replaced them, then the voms processes can't open them and connections fail with a "no shared cipher" error.
>
> Cheers,
> Robert
>
> On 30/05/14 10:41, Gianfranco Sciacca wrote:
>> Following the replacement of the host cert in April (heartbleed), I see that clients no longer succeed in connecting to the server:
>>
>> Fri May 30 11:29:25 2014:voms.lhep.unibe.ch:vomsd[17625]: msg="LOG_INFO:REQUEST:AcceptGSIAuthentication (Server.cpp:431):Error enstabilishing SSL context."
>> Fri May 30 11:29:25 2014:voms.lhep.unibe.ch:vomsd[17625]: msg="LOG_INFO:REQUEST:Run (vomsd.cc:746):Failed to authenticate peer."
>> Fri May 30 11:29:25 2014:voms.lhep.unibe.ch:vomsd[17625]: msg="LOG_INFO:REQUEST:Run (vomsd.cc:747):OpenSSL error: SSL Handshake error:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher"
>>
>> In /etc/grid-security, I have hostcert.pem/hostkey.pem (644/400) and then a copy of them as vomscert.pem/vomskey.pem with the same permissions. Is this the correct setup?
>>
>> Many thanks and cheers
>>
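The ownership check discussed in this thread, as an added shell example that is not part of the original messages or of VOMS itself. The function name `check_voms_creds` is hypothetical, GNU `stat` is assumed, and the expected owner can be given as a user name or a numeric uid.

```shell
#!/bin/sh
# check_voms_creds DIR USER
# Verifies that DIR/vomscert.pem and DIR/vomskey.pem exist, are owned by USER
# (the account the voms processes run as), and that the key is readable by
# its owner only. Returns 0 if everything is fine, 1 otherwise.
check_voms_creds() {
    dir=$1
    user=$2
    rc=0
    for f in vomscert.pem vomskey.pem; do
        path="$dir/$f"
        if [ ! -f "$path" ]; then
            echo "MISSING $path"
            rc=1
            continue
        fi
        owner=$(stat -c '%U' "$path")   # owner name
        uid=$(stat -c '%u' "$path")     # owner numeric uid
        mode=$(stat -c '%a' "$path")    # octal mode, e.g. 644 or 400
        if [ "$owner" != "$user" ] && [ "$uid" != "$user" ]; then
            echo "OWNER   $path is owned by $owner, expected $user"
            rc=1
        fi
        if [ "$f" = vomskey.pem ]; then
            # Private key: owner must be able to read it, group/other get nothing.
            case "$mode" in
                [4-7]00) ;;
                *) echo "MODE    $path is $mode, expected 400 or 600"; rc=1 ;;
            esac
        else
            # Certificate: the owner needs read access.
            case "$mode" in
                [4-7]??) ;;
                *) echo "MODE    $path is $mode, owner cannot read it"; rc=1 ;;
            esac
        fi
    done
    return $rc
}
```

Run it as `check_voms_creds /etc/grid-security voms` after replacing a host certificate; any output line names the file that the voms processes would fail to open.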