Tom, Sangil, Todd, Chris and all
I have just configured a freshly installed Venue Server with a new Server
certificate.
I can replicate the issue...
Message from consol on the Venue Server side of things...
----------------------------------------
Traceback (most recent call last):
File "/usr/lib64/python2.6/site-packages/M2Crypto/SSL/SSLServer.py", line 33,
in handle_request
request, client_address = self.get_request()
File "/usr/lib64/python2.6/SocketServer.py", line 444, in get_request
return self.socket.accept()
File
"/usr/lib/python2.6/site-packages/AccessGrid3/AccessGrid/hosting/ZSI/ServiceContainer.py",
line 156, in M2CryptoConnectionAccept
ret = ssl.accept_ssl()
File "/usr/lib64/python2.6/site-packages/M2Crypto/SSL/Connection.py", line
152, in accept_ssl
return m2.ssl_accept(self.ssl, self._timeout)
SSLError: tlsv1 alert unknown ca
----------------------------------------
Message from consol on the Venue Management side of things...
/usr/lib/python2.6/site-packages/ZSI/resolvers.py:7: DeprecationWarning: the
multifile module has been deprecated since Python 2.5
import multifile, mimetools, urllib
08/06/10 09:36:04 140460321769216 Toolkit Toolkit.py:167 INFO Logfile
Name: VenueManagement.log
08/06/10 09:36:04 140460321769216 VenueManagement VenueManagement:265 DEBUG
There is no my servers file to load.
08/06/10 09:36:04 140460321769216 Toolkit Config.py:685 DEBUG retrieved
local IP address 138.77.14.18
08/06/10 09:36:04 140460321769216 Toolkit Toolkit.py:117 DEBUG Initializing
AG Toolkit version 3.2 rc1
08/06/10 09:36:04 140460321769216 Toolkit Toolkit.py:118 INFO Command and
arguments: ['/usr/bin/VenueManagement', '-d']
08/06/10 09:36:04 140460321769216 Platform Config.py:897 INFO gnome
directory /home/arcs-test/.gnome/application-info or
/home/arcs-test/.gnome/mime-info not found, not registering file type .agpkg3
with gnome
08/06/10 09:36:04 140460321769216 Platform Config.py:897 INFO gnome
directory /home/arcs-test/.gnome/application-info or
/home/arcs-test/.gnome/mime-info not found, not registering file type .vv3d
with gnome
08/06/10 09:36:04 140460321769216 VenueClient Preferences.py:206 DEBUG
Preferences.LoadPreferences: open file
08/06/10 09:36:04 140460321769216 Toolkit Toolkit.py:167 INFO Logfile
Name: VenueManagement.log
08/06/10 09:36:04 140460321769216 CertificateManager
CertificateManager.py:212 DEBUG Opened repository
/home/arcs-test/.AccessGrid3/Config/certRepo
08/06/10 09:36:04 140460321769216 Toolkit Toolkit.py:473 INFO Initialized
certificate manager.
08/06/10 09:36:04 140460321769216 CertificateManager
CertificateManager.py:575 DEBUG Configuring standard environment
08/06/10 09:36:04 140460321769216 CertificateManager
CertificateManager.py:625 DEBUG Using default identity /O=Access
Grid/OU=agdev-ca.mcs.anl.gov/CN=VenueServer/arcs-ag-test.cqu.edu.au
08/06/10 09:36:13 140460321769216 VenueManagement VenueManagement:422 DEBUG
VenueManagementClient.ConnectToServer: Connect to server
https://138.77.14.18:8000/VenueServer
VenueManagement 08/06/10 09:36:13 DEBUG
VenueManagementClient.ConnectToServer: Connect to server
https://138.77.14.18:8000/VenueServer
08/06/10 09:36:13 140460321769216 VenueManagement VenueManagement:430 DEBUG
VenueManagementClient.ConnectToServer: Connect to server
VenueManagement 08/06/10 09:36:13 DEBUG
VenueManagementClient.ConnectToServer: Connect to server
08/06/10 09:36:13 140460321769216 Toolkit Toolkit.py:263 INFO Using
unencrypted certificate:
/home/arcs-test/.AccessGrid3/Config/certRepo/certificates/58e625459c405c5ba86407955bbdabac/bb10e3c80d44ae664798344f1fd143c0/cert.pem
/home/arcs-test/.AccessGrid3/Config/certRepo/privatekeys/4e8ce0d9cd5e3e34d00f4a552b680e4b.pem
Toolkit 08/06/10 09:36:13 INFO Using unencrypted certificate:
/home/arcs-test/.AccessGrid3/Config/certRepo/certificates/58e625459c405c5ba86407955bbdabac/bb10e3c80d44ae664798344f1fd143c0/cert.pem
/home/arcs-test/.AccessGrid3/Config/certRepo/privatekeys/4e8ce0d9cd5e3e34d00f4a552b680e4b.pem
08/06/10 09:36:13 140460321769216 VenueManagement VenueManagement:435 DEBUG
VenueManagementClient.ConnectToServer: Get venues from server
VenueManagement 08/06/10 09:36:13 DEBUG
VenueManagementClient.ConnectToServer: Get venues from server
08/06/10 09:36:13 140460321769216 VenueManagement VenueManagement:524 ERROR
VenueManagementClient.ConnectToServer: Can not connect.:
Traceback (most recent call last):
File "/usr/bin/VenueManagement", line 438, in ConnectToServer
vl = self.server.GetVenues()
File
"/usr/lib/python2.6/site-packages/AccessGrid3/AccessGrid/interfaces/VenueServer_client.py",
line 168, in GetVenues
self.binding.Send(None, None, request, soapaction="urn:#GetVenues", **kw)
File "/usr/lib/python2.6/site-packages/ZSI/client.py", line 266, in Send
self.h.connect()
File "/usr/lib64/python2.6/site-packages/M2Crypto/httpslib.py", line 50, in
connect
self.sock.connect((self.host, self.port))
File "/usr/lib64/python2.6/site-packages/M2Crypto/SSL/Connection.py", line
181, in connect
ret = self.connect_ssl()
File "/usr/lib64/python2.6/site-packages/M2Crypto/SSL/Connection.py", line
174, in connect_ssl
return m2.ssl_connect(self.ssl, self._timeout)
SSLError: certificate verify failed
VenueManagement 08/06/10 09:36:13 ERROR
VenueManagementClient.ConnectToServer: Can not connect.:
Traceback (most recent call last):
File "/usr/bin/VenueManagement", line 438, in ConnectToServer
vl = self.server.GetVenues()
File
"/usr/lib/python2.6/site-packages/AccessGrid3/AccessGrid/interfaces/VenueServer_client.py",
line 168, in GetVenues
self.binding.Send(None, None, request, soapaction="urn:#GetVenues", **kw)
File "/usr/lib/python2.6/site-packages/ZSI/client.py", line 266, in Send
self.h.connect()
File "/usr/lib64/python2.6/site-packages/M2Crypto/httpslib.py", line 50, in
connect
self.sock.connect((self.host, self.port))
File "/usr/lib64/python2.6/site-packages/M2Crypto/SSL/Connection.py", line
181, in connect
ret = self.connect_ssl()
File "/usr/lib64/python2.6/site-packages/M2Crypto/SSL/Connection.py", line
174, in connect_ssl
return m2.ssl_connect(self.ssl, self._timeout)
SSLError: certificate verify failed
CA certificate information
[arcs-ag-test@arcs-ag-test ~]$ certmgr_agtk
(ID mode) > ca
(CA mode) > list
1. /O=Access Grid/OU=agdev-ca.mcs.anl.gov/CN=Access Grid Developers CA
2. /DC=org/DC=DOEGrids/OU=Certificate Authorities/CN=DOEGrids CA 1
3. /O=Access Grid/O=Argonne National Laboratory/OU=Futures Lab Anonymous
Authority/CN=Anonymous Certificate Authority
4. /DC=net/DC=ES/O=ESnet/OU=Certificate Authorities/CN=ESnet Root CA 1
(CA mode) > show 1
Subject: /O=Access Grid/OU=agdev-ca.mcs.anl.gov/CN=Access Grid Developers CA
Issuer: /O=Access Grid/OU=agdev-ca.mcs.anl.gov/CN=Access Grid Developers CA
Certificate version: 2
Serial number: 2
Not valid before: 01/30/10 10:18:00
Not valid after: 01/28/20 10:18:00
md5 Fingerprint: 5B:03:A8:05:3E:85:3D:60:2B:86:CA:41:6D:56:51:54
Certificate location:
/home/arcs-test/.AccessGrid3/Config/certRepo/certificates/809ecc45460c1482e61e26bdfbf9e18c/4665b7fa3dc5e3e1870d794559764226/cert.pem
(CA mode) >
Interestingly, I exported the new server certificate and imported in on a
Windows XP machine. I am able to start a Venue Server and connect to it, via
the Venue Management Tool via it’s ip address (it didn’t connect via
localhost). Additionally, if I tried to connect to the Venue Server via the
Fedora 13 system, I get the same error message.
Anyway, I hope this information is of use.
Many regards,
Jason.
-----Original Message-----
From: ag-tech-boun...@lists.mcs.anl.gov
[mailto:ag-tech-boun...@lists.mcs.anl.gov] On Behalf Of Thomas Uram
Sent: Friday, 6 August 2010 04:06 AM
To: Sangil Choi
Cc: ag-t...@mcs.anl.gov
Subject: Re: [AG-TECH] 회신: Problems of VenueManagement
From the log I can see that you are using a VenueServer service certificate,
which is good.
Based on the 'unknown ca' error message, I wonder about the validity of the CA
certificate. Could you enter certificate management and check the validity of
the AG-Dev CA certificate?
Tom
On Aug 3, 2010, at 9:27 AM, Sangil Choi wrote:
> I checked URL of my server (Server : https://210.125.84.210:8000/VenueServer)
> but there is no changes in result. I think the cause seems to be elsewhere.
>
>
>
> In addition, I used 'https://210.125.84.210:8000/Venues' and the result is
> consistent.
>
>
>
> Thanks for your help.
>
>
>
> Regards,
>
> Sangil Choi.
>
> ________________________________________
> 보낸 사람: Christoph Willing [c.will...@uq.edu.au]
> 보낸 날짜: 2010년 8월 3일 화요일 오후 9:59
> 받는 사람: Sangil Choi
> 제목: Re: [AG-TECH] Problems of VenueManagement
>
> Sangil,
>
> Sometimes there is confusion about the name which the VenueServer is
> running. Look in the server log file (~/.ACcessGrid/Logs/
> VenueServer.log) for the line containing:
> ....... Venue.py:344 DEBUG ------------ STARTING VENUE
>
> Then the next line will contain the name of that the server is running
> as. It will be something like:
> ....... Venue.py:383 INFO Venue URI
> https://a.b.c.d:8000/Venues/0a0101ce20dd1d9654fb10b37feec5410c
>
> Use that name (https://a.b.c.d:8000/Venues) when connecting with the
> VenueManager
>
>
> If you can't find the correct lines in the log file, restart the
> VenueServer so they will be generated again.
>
>
> chris
>
>
> On 03/08/2010, at 8:10 PM, Sangil Choi wrote:
>
>> Hi, everyone.
>>
>> I've problem about VenueManagement Tool.
>>
>> I install 'AGTk3.2 beta 1' on Fedora Core 12 and send certificate
>> request message to agdev...@mcs.anl.gov<mailto:agdev...@mcs.anl.gov>.
>> After I got a replied message, I install that certificate and check
>> the '/usr/bin/certmgr_agtk' to make sure of its installation. In
>> addition, VenueServer works well.
>>
>> I found some problem when I use VenueManagement Tool to create new
>> venues in our venue server.
>>
>> I make an entry of “Venue Server Address” as follow:
>>
>> https://localhost:8000/VenueServer
>> https://NFRI-AG-Server.nm.gist.ac.kr:8000/VenueServer - It is DNS of
>> server machine
>> https://NFRI-AG-Server.gist.ac.kr:8000/VenueServer - It is the name
>> that uses in certificate request message.
>>
>> After I clinks go button, below message is shown.
>>
>> =========================================================
>> You were unable to connect to the venue server at:
>> https://localhost:8000/VenueServer
>> =========================================================
>>
>> In command window that execute VenueServer prints error message like
>> this.
>>
>> =========================================================
>> Traceback (nost recent call last):
>> File "/usr/lib/python2.6/site-packages/M2Crypto/SSL/SSLServer.py",
>> line 32, in handle_request
>> request, client_address = self.get_request()
>> File "/usr/lib/python2.6/SocketServer.py", line 444, in get_request
>> return self.socket.accept()
>> File "/usr/lib/python2.6/site-packages/AccessGrid3/hosting/ZSI/
>> ServiceContainer.py", line 156, in M2CrytoConnectionAccept
>> ret = ssl.accept_ssl()
>> File "/usr/lib/python2.6/site-packages/M2Crypto/SSL/Connection.py",
>> line 152, in accept_ssl
>> return m2.ssl_accept(self.ssl, self._timeout)
>> SSLError : tlsv1 alert unknown ca
>> =========================================================
>>
>> Last, the following message was printed in VenueManagement.log file.
>>
>> =========================================================
>> 08/03/2010 04:36:50 PM -1216825664 Platform Config.py:897 INFO
>> gnome directory /home/ag/.gnome/application-info or /home/ag/.gnome/
>> mime-info not found, not registering file type .agpkg3 with gnome
>> 08/03/2010 04:36:50 PM -1216825664 Platform Config.py:897 INFO
>> gnome directory /home/ag/.gnome/application-info or /home/ag/.gnome/
>> mime-info not found, not registering file type .vv3d with gnome
>> 08/03/2010 04:36:50 PM -1216825664 VenueClient Preferences.py:
>> 206 DEBUG Preferences.LoadPreferences: open file
>> 08/03/2010 04:36:50 PM -1216825664 Toolkit Toolkit.py:166 INFO
>> Logfile Name: VenueManagement.log
>> 08/03/2010 04:36:50 PM -1216825664 CertificateManager
>> CertificateManager.py:212 DEBUG Opened repository /home/
>> ag/.AccessGrid3/Config/certRepo
>> 08/03/2010 04:36:50 PM -1216825664 Toolkit Toolkit.py:472 INFO
>> Initialized certificate manager.
>> 08/03/2010 04:36:50 PM -1216825664 CertificateManager
>> CertificateManager.py:575 DEBUG Configuring standard environment
>> 08/03/2010 04:36:50 PM -1216825664 CertificateManager
>> CertificateManager.py:625 DEBUG Using default identity /O=Access
>> Grid/OU=agdev-ca.mcs.anl.gov/CN=VenueServer/NFRI-AG-Server.gist.ac.kr
>> 08/03/2010 04:36:52 PM -1216825664 VenueManagement
>> VenueManagement:422 DEBUG VenueManagementClient.ConnectToServer:
>> Connect to server https://localhost:8000/VenueServer
>> 08/03/2010 04:36:52 PM -1216825664 VenueManagement
>> VenueManagement:430 DEBUG VenueManagementClient.ConnectToServer:
>> Connect to server
>> 08/03/2010 04:36:52 PM -1216825664 Toolkit Toolkit.py:262 INFO
>> Using unencrypted certificate: /home/ag/.AccessGrid3/Config/certRepo/
>> certificates/174973e21fb8d6e777cf0199e079762b/
>> c922e6eac654d6475a33f6e48af375e7/cert.pem /home/ag/.AccessGrid3/
>> Config/certRepo/privatekeys/fb186c081f585da9ba71017c637bd452.pem
>> 08/03/2010 04:36:52 PM -1216825664 VenueManagement
>> VenueManagement:435 DEBUG VenueManagementClient.ConnectToServer: Get
>> venues from server
>> 08/03/2010 04:36:52 PM -1216825664 VenueManagement
>> VenueManagement:521 ERROR VenueManagementClient.ConnectToServer: Can
>> not connect.:
>> Traceback (most recent call last):
>> File "/usr/bin/VenueManagement", line 438, in ConnectToServer
>> vl = self.server.GetVenues()
>> File "/usr/lib/python2.6/site-packages/AccessGrid3/AccessGrid/
>> interfaces/VenueServer_client.py", line 168, in GetVenues
>> self.binding.Send(None, None, request,
>> soapaction="urn:#GetVenues", **kw)
>> File "/usr/lib/python2.6/site-packages/ZSI/client.py", line 266, in
>> Send
>> self.h.connect()
>> File "/usr/lib/python2.6/site-packages/M2Crypto/httpslib.py", line
>> 50, in connect
>> self.sock.connect((self.host, self.port))
>> File "/usr/lib/python2.6/site-packages/M2Crypto/SSL/Connection.py",
>> line 177, in connect
>> self.socket.connect(addr)
>> File "<string>", line 1, in connect
>> error: [Errno 111] Connection refused
>> =========================================================
>>
>> What should I do to solve this problem?
>>
>> Regard,
>> Sangil Choi
>
> Christoph Willing +61 7 3365 8316
> QCIF Access Grid Manager
> University of Queensland
