Hi Gonçalo,
first of all, thank you for the excellent debugging!
>
> * PEDP LOG IN ARGUS IN DEBUG MODE: *
> 2015-01-22 02:43:41.887Z - DEBUG [JettySslSelectChannelConnector] -
...
> *2015-01-22 02:43:51.930Z - DEBUG [PEPDaemonRequestHandler] - PIP
> REQVALIDATOR_PIP applied to Hessian request**
[..]
> *2015-01-22 02:43:51.931Z - DEBUG [AbstractX509PIP] - Validating
> cert chain...**
> **2015-01-22 02:44:01.956Z - DEBUG [AbstractX509PIP] - after caNl
> validation:*
> 4) We even tried to execute the pepcli, contacting directly the
> argus server, but with and without the QUOVADIS certificate, we got
> exactly the same logs, but just a very long delay on the execution
> of the command when QUOVADIS certificate is used.
This looks very much like a OCSP timeout. Are you willing/able to do
some further debugging?
If so, we would suggest that you run a tcpdump on the argus server, and
check for requests to the OCSP URL during a pep-cli callout.
I'm not sure which root CA is being used and whether there is any
intermediate CA involved. I found ocsp.quovadisglobal.com (and its alias
ocsp.quovadisoffshore.com), but I'm not sure that's the right one. If
so, it should have IP 91.240.104.66. You can also try sending us a
proxy-chain (without private key...).
Cheers,
Mischa
--
Nikhef Room H155
Science Park 105 Tel. +31-20-592 5102
1098 XG Amsterdam Fax +31-20-592 5155
The Netherlands Email [log in to unmask]
__ .. ... _._. .... ._ ... ._ ._.. ._.. .._..
|