I've seen it as well in Manchester when I tried to update this morning. I've rolled everything back to 1.87 for now.
I got the impression that it works when both, the server and the client use the same version, but more testing is needed to confirm this.
Cheers,
Robert
On 28/11/17 13:21, Stephen Jones wrote:
> Don't update to 1.88-1
>
> We have same problems too!
>
> Working on it; site is down because ARGUS (SL6) is clobbered by this...
>
> Cheers,
>
>
> Ste
>
>
> On 28/11/17 13:17, Daniela Bauer wrote:
>> Hi All,
>>
>> the latest trust anchor release contains this chage:
>>
>> * updated UKeScience 2B ICA based on a SHA-2 family digest (UK)
>>
>> When I try and run the cvmfs UI on SL6 I get the following error:
>>
>> lx01:~ > voms-proxy-init --voms gridpp
>> Enter GRID pass phrase for this identity:
>> Contacting voms03.gridpp.ac.uk:15000 <http://voms03.gridpp.ac.uk:15000> [/C=UK/O=eScience/OU=Imperial/L=Physics/CN=voms03.gridpp.ac.uk <http://voms03.gridpp.ac.uk>] "gridpp"...
>> Certificate validation error: Can not verify the CRL as its issuer's public key is unknown or can not be validated Cause: Certification path could not be validated. Cause: NullPointerException
>> Error contacting voms03.gridpp.ac.uk:15000 <http://voms03.gridpp.ac.uk:15000> for VO gridpp: java.security.cert.CertificateException: The peer's certificate with subject's DN CN=voms03.gridpp.ac.uk <http://voms03.gridpp.ac.uk>,L=Physics,OU=Imperial,O=eScience,C=UK was rejected. The peer's certificate status is: FAILED The following validation errors were found:
>> error at position 0 in chain, problematic certificate subject: CN=voms03.gridpp.ac.uk <http://voms03.gridpp.ac.uk>,L=Physics,OU=Imperial,O=eScience,C=UK (category: CRL): Can not verify the CRL as its issuer's public key is unknown or can not be validated Cause: Certification path could not be validated. Cause: NullPointerException
>> Certificate validation error: Can not verify the CRL as its issuer's public key is unknown or can not be validated Cause: Certification path could not be validated. Cause: NullPointerException
>> Error contacting voms03.gridpp.ac.uk:15000 <http://voms03.gridpp.ac.uk:15000> for VO gridpp: peer not authenticated
>> Error contacting voms03.gridpp.ac.uk:15000 <http://voms03.gridpp.ac.uk:15000> for VO gridpp: REST and legacy VOMS endpoints failed.
>> Contacting voms02.gridpp.ac.uk:15000 <http://voms02.gridpp.ac.uk:15000> [/C=UK/O=eScience/OU=Oxford/L=OeSC/CN=voms02.gridpp.ac.uk <http://voms02.gridpp.ac.uk>] "gridpp"...
>> Certificate validation error: Can not verify the CRL as its issuer's public key is unknown or can not be validated Cause: Certification path could not be validated. Cause: NullPointerException
>> Error contacting voms02.gridpp.ac.uk:15000 <http://voms02.gridpp.ac.uk:15000> for VO gridpp: java.security.cert.CertificateException: The peer's certificate with subject's DN CN=voms02.gridpp.ac.uk <http://voms02.gridpp.ac.uk>,L=OeSC,OU=Oxford,O=eScience,C=UK was rejected. The peer's certificate status is: FAILED The following validation errors were found:
>> error at position 0 in chain, problematic certificate subject: CN=voms02.gridpp.ac.uk <http://voms02.gridpp.ac.uk>,L=OeSC,OU=Oxford,O=eScience,C=UK (category: CRL): Can not verify the CRL as its issuer's public key is unknown or can not be validated Cause: Certification path could not be validated. Cause: NullPointerException
>> Certificate validation error: Can not verify the CRL as its issuer's public key is unknown or can not be validated Cause: Certification path could not be validated. Cause: NullPointerException
>> Error contacting voms02.gridpp.ac.uk:15000 <http://voms02.gridpp.ac.uk:15000> for VO gridpp: peer not authenticated
>> Error contacting voms02.gridpp.ac.uk:15000 <http://voms02.gridpp.ac.uk:15000> for VO gridpp: REST and legacy VOMS endpoints failed.
>> Contacting voms.gridpp.ac.uk:15000 <http://voms.gridpp.ac.uk:15000> [/C=UK/O=eScience/OU=Manchester/L=HEP/CN=voms.gridpp.ac.uk <http://voms.gridpp.ac.uk>] "gridpp"...
>> Certificate validation error: Can not verify the CRL as its issuer's public key is unknown or can not be validated Cause: Certification path could not be validated. Cause: NullPointerException
>> Error contacting voms.gridpp.ac.uk:15000 <http://voms.gridpp.ac.uk:15000> for VO gridpp: java.security.cert.CertificateException: The peer's certificate with subject's DN CN=voms.gridpp.ac.uk <http://voms.gridpp.ac.uk>,L=HEP,OU=Manchester,O=eScience,C=UK was rejected. The peer's certificate status is: FAILED The following validation errors were found:
>> error at position 0 in chain, problematic certificate subject: CN=voms.gridpp.ac.uk <http://voms.gridpp.ac.uk>,L=HEP,OU=Manchester,O=eScience,C=UK (category: CRL): Can not verify the CRL as its issuer's public key is unknown or can not be validated Cause: Certification path could not be validated. Cause: NullPointerException
>> Certificate validation error: Can not verify the CRL as its issuer's public key is unknown or can not be validated Cause: Certification path could not be validated. Cause: NullPointerException
>> Error contacting voms.gridpp.ac.uk:15000 <http://voms.gridpp.ac.uk:15000> for VO gridpp: peer not authenticated
>> Error contacting voms.gridpp.ac.uk:15000 <http://voms.gridpp.ac.uk:15000> for VO gridpp: REST and legacy VOMS endpoints failed.
>> None of the contacted servers for gridpp were capable of returning a valid AC for the user.
>> User's request for VOMS attributes could not be fulfilled.
>>
>>
>> It works on SL7.
>>
>> This error is fairly deadly for a lot of stuff we are doing here.
>>
>> Any ideas ?
>>
>> Regards,
>> Daniela
>>
>>
>> --
>> Sent from the pit of despair
>>
>> -----------------------------------------------------------
>> [log in to unmask] <mailto:[log in to unmask]>
>> HEP Group/Physics Dep
>> Imperial College
>> London, SW7 2BW
>> Tel: +44-(0)20-75947810
>> http://www.hep.ph.ic.ac.uk/~dbauer/ <http://www.hep.ph.ic.ac.uk/%7Edbauer/>
>
>
|