> 2015-09-25 11:26:54,254 - client - INFO - No server certificate supplied. Will not encrypt messages.
Hi Winnie,
If you want to get rid of that message, find the server you're
submitting to:
# grep 'Established connection to host' /var/log/apel/client.log | tail -1
2015-10-22 14:19:32,571 - stomp.py - INFO - Established connection to
host mq.cro-ngi.hr, port 6162
Get that server's certificate with its public key:
# openssl s_client -connect mq.afroditi.hellasgrid.gr:6162 -showcerts |
sed -n '/BEGIN CERT/,/END CERT/p' > /etc/grid-security/servercert.pem
Use vi to make /etc/apel/sender.cfg contain this line in the
[certificates] section:
server_cert: /etc/grid-security/servercert.pem
The next time APEL runs, the message will be gone and the records are
encrypted with the public key of the server (which can read them because
it alone has the right private key.)
PS: cc'ing John Gordon. John; is this right? Do we need to encrypt this
accounting data in this way? If so I suggest this become Standard
Operating Procedure. Pls could you let me know what you think.
Cheers,
Steve
>
> 2013-06-26 18:14:27,965 - client - INFO - No server certificate supplied.
> Will not encrypt messages.
> ......
> 2015-09-29 02:36:58,598 - client - INFO - No server certificate supplied.
> Will not encrypt messages.
>
> I was away June 2013 when our SL5 emi-2 APEL node died hideously (actually
> its VMWare Server host died) & a VeryNew LCG Support person rebuilt it as
> SL6 emi-3 on a kvm/qemu VM host. He chose the non-yaim config option but
> did not say or document anything of what he did (very sad face)
>
> In July 2013 I asked TB-SUPPORT about that message but the only response was
> about emi-2 apel "and then rerun yaim" which neither applicable. Alison
> Packer responded saying
>
>> the new APEL client encrypts messages without you needing to set this. (We
>> will work on improving the logging so this statement does not cause this
>> confusion in a future version.)
> https://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=ind1307&L=TB-SUPPORT&O=D&F=&S=&X=6EF47C90AD13CAD854&P=31807
>
> It wasn't (to me) a crystal clear answer but what with ++busy/hectic/chaos
> had to leave it & so to this day our APEL node logs about not encrypting.
>
> Have just had a look at the short 6-pg Version: 2.2, Date: 23.07.2013
> APEL_Publisher_System_Administrator_Guide.pdf, & the word encrypt does not
> appear in it.
> So, hopefully it's harmless!!!
--
Steve Jones [log in to unmask]
Grid System Administrator office: 220
High Energy Physics Division tel (int): 43396
Oliver Lodge Laboratory tel (ext): +44 (0)151 794 3396
University of Liverpool http://www.liv.ac.uk/physics/hep/
|