Sounds like there might be something wrong with the containercert and containerkey. Try: $ openssl verify -CApath /etc/grid-security/certificates -purpose sslserver /etc/grid-security/containercert.pem

You might also check that the modulus on the cert and key match. The commands for that are at http://security.ncsa.uiuc.edu/research/grid- howtos/usefulopenssl.php


Charles

On Sep 4, 2007, at 6:23 AM, <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> wrote:

I've got to stage 3.6 of the quickstart quide, and all tests have worked
so far (globus-url-copy, etc)
Concept% globusrun-ws -F semantic -submit -c /bin/true
Semantic% globusrun-ws -F concept -submit -c /bin/true    <- both work

So the certificates seem to be in place (as suggested by googling around
on the exception messages)

Upon starting the container on the second machine (concept), I get the
following problem trace.

<<Note, I have removed the RFT database errors for the moment, by
pointing to semantic's mysql database, rather than trying to debug
staging problems as well>>

2007-09-04 12:13:36,349 INFO  exec.RunQueue [main,initialize:68]
Starting state machine with 18 run queues.
Failed to obtain a list of services from
'https://132.146.233.70:8443/wsrf/services/ContainerRegistryService'
service: ; nested exception is:
        java.io.EOFException
2007-09-04 12:14:01,561 ERROR container.GSIServiceThread
[ServiceThread-10,process:145] Error processing request
Authentication failed
. Caused by
Failure unspecified at GSS-API level
. Caused by
COM.claymoresystems.ptls.SSLThrewAlertException: Decrypt error
        at COM.claymoresystems.ptls.SSLConn.alert(SSLConn.java:235)
        at
COM.claymoresystems.ptls.SSLCertificateVerify.decode (SSLCertificateVerif
y.java:160)
        at
COM.claymoresystems.ptls.SSLHandshakeServer.recvCertificateVerify (SSLHan
dshakeServer.java:561)
        at
COM.claymoresystems.ptls.SSLHandshakeServer.processTokens (SSLHandshakeSe
rver.java:228)
        at
COM.claymoresystems.ptls.SSLHandshake.processHandshake (SSLHandshake.java
:135)
        at
org.globus.gsi.gssapi.GlobusGSSContextImpl.acceptSecContext (GlobusGSSCon
textImpl.java:284)
        at
org.globus.gsi.gssapi.net.GssSocket.authenticateServer (GssSocket.java:12
4)
        at
org.globus.gsi.gssapi.net.GssSocket.startHandshake(GssSocket.java:142)
        at
org.globus.gsi.gssapi.net.GssSocket.getOutputStream(GssSocket.java: 161)
        at
org.globus.wsrf.container.GSIServiceThread.process (GSIServiceThread.java
:102)
        at
org.globus.wsrf.container.ServiceThread.run(ServiceThread.java:302)


Nicholas J. Kings (Nick)
Senior Researcher
Next Generation Web Research, BT Group Chief Technology Office




Reply via email to