Re: [gt-user] Container failure

Tue, 04 Sep 2007 07:22:34 -0700

Sounds like there might be something wrong with the containercert and containerkey. Try: $ openssl verify -CApath /etc/grid-security/certificates -purpose sslserver /etc/grid-security/containercert.pem
You might also check that the modulus on the cert and key match. The commands for that are at http://security.ncsa.uiuc.edu/research/grid- howtos/usefulopenssl.php 


Charles


On Sep 4, 2007, at 6:23 AM, <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>  
wrote:



I've got to stage 3.6 of the quickstart quide, and all tests have  
worked

so far (globus-url-copy, etc)
Concept% globusrun-ws -F semantic -submit -c /bin/true
Semantic% globusrun-ws -F concept -submit -c /bin/true    <- both work


So the certificates seem to be in place (as suggested by googling  
around

on the exception messages)

Upon starting the container on the second machine (concept), I get the
following problem trace.

<<Note, I have removed the RFT database errors for the moment, by
pointing to semantic's mysql database, rather than trying to debug
staging problems as well>>

2007-09-04 12:13:36,349 INFO  exec.RunQueue [main,initialize:68]
Starting state machine with 18 run queues.
Failed to obtain a list of services from
'https://132.146.233.70:8443/wsrf/services/ContainerRegistryService'
service: ; nested exception is:
        java.io.EOFException
2007-09-04 12:14:01,561 ERROR container.GSIServiceThread
[ServiceThread-10,process:145] Error processing request
Authentication failed
. Caused by
Failure unspecified at GSS-API level
. Caused by
COM.claymoresystems.ptls.SSLThrewAlertException: Decrypt error
        at COM.claymoresystems.ptls.SSLConn.alert(SSLConn.java:235)
        at

COM.claymoresystems.ptls.SSLCertificateVerify.decode 
(SSLCertificateVerif

y.java:160)
        at

COM.claymoresystems.ptls.SSLHandshakeServer.recvCertificateVerify 
(SSLHan

dshakeServer.java:561)
        at

COM.claymoresystems.ptls.SSLHandshakeServer.processTokens 
(SSLHandshakeSe

rver.java:228)
        at

COM.claymoresystems.ptls.SSLHandshake.processHandshake 
(SSLHandshake.java

:135)
        at

org.globus.gsi.gssapi.GlobusGSSContextImpl.acceptSecContext 
(GlobusGSSCon

textImpl.java:284)
        at

org.globus.gsi.gssapi.net.GssSocket.authenticateServer 
(GssSocket.java:12

4)
        at
org.globus.gsi.gssapi.net.GssSocket.startHandshake(GssSocket.java:142)
        at

org.globus.gsi.gssapi.net.GssSocket.getOutputStream(GssSocket.java: 
161)

        at

org.globus.wsrf.container.GSIServiceThread.process 
(GSIServiceThread.java

:102)
        at
org.globus.wsrf.container.ServiceThread.run(ServiceThread.java:302)


Nicholas J. Kings (Nick)
Senior Researcher
Next Generation Web Research, BT Group Chief Technology Office



























					Reply via email to