Hi Charles, $ openssl verify -CApath /etc/grid-security/certificates -purpose sslserver /etc/grid-security/containercert.pem /etc/grid-security/containercert.pem: OK
$ cd /etc/grid-security $ openssl x509 -in containercert.pem -noout -modulus Modulus=AFC3D5D83517590163A94E2569860E2C81E9EED74DF1A1B0889542E6C4C11197 900544089BE875BA3724FC0B1BAD1F3DD8CC17662C8C493065EA65F0BDD0E656FF81A49C 8AE3DF797F89DCF11B2CAFE8606998EB17C2FCEA3D95CBABA0D049734EE6AC81872BF811 0A3A422311DF3192B96F08FC012237F824D5D1F35D8ABF19 $ openssl rsa -in containerkey.pem -noout -modulus Modulus=B3985D61DF130B864660FD4680F41240F39567E828821556BAFE0B9602A10174 61DDAA84249C60DF41BEE7190EE42E48D0F556A3962A523AE27E13E843066559C07808D8 7B031CDC597213B65C8F13087928670BD844251ABC4F9F03F9B61EA57009B73390147F84 B2C297C29D946736DF7EFA1B26204F616F5AA532A4F7FC4F Bingo! Nicholas J. Kings (Nick) Senior Researcher Next Generation Web Research, BT Group Chief Technology Office > -----Original Message----- > From: Charles Bacon [mailto:[EMAIL PROTECTED] > Sent: 04 September 2007 15:22 > To: Kings,NJ,Nick,CXR3 R > Cc: [email protected] > Subject: Re: [gt-user] Container failure > > Sounds like there might be something wrong with the > containercert and containerkey. Try: > $ openssl verify -CApath /etc/grid-security/certificates > -purpose sslserver /etc/grid-security/containercert.pem > > You might also check that the modulus on the cert and key > match. The commands for that are at > http://security.ncsa.uiuc.edu/research/grid- > howtos/usefulopenssl.php > > > Charles > > On Sep 4, 2007, at 6:23 AM, <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> > wrote: > > > I've got to stage 3.6 of the quickstart quide, and all tests have > > worked so far (globus-url-copy, etc) Concept% globusrun-ws > -F semantic > > -submit -c /bin/true > > Semantic% globusrun-ws -F concept -submit -c /bin/true > <- both work > > > > So the certificates seem to be in place (as suggested by googling > > around on the exception messages) > > > > Upon starting the container on the second machine > (concept), I get the > > following problem trace. > > > > <<Note, I have removed the RFT database errors for the moment, by > > pointing to semantic's mysql database, rather than trying to debug > > staging problems as well>> > > > > 2007-09-04 12:13:36,349 INFO exec.RunQueue [main,initialize:68] > > Starting state machine with 18 run queues. > > Failed to obtain a list of services from > > 'https://132.146.233.70:8443/wsrf/services/ContainerRegistryService' > > service: ; nested exception is: > > java.io.EOFException > > 2007-09-04 12:14:01,561 ERROR container.GSIServiceThread > > [ServiceThread-10,process:145] Error processing request > Authentication > > failed . Caused by Failure unspecified at GSS-API level . Caused by > > COM.claymoresystems.ptls.SSLThrewAlertException: Decrypt error > > at COM.claymoresystems.ptls.SSLConn.alert(SSLConn.java:235) > > at > > COM.claymoresystems.ptls.SSLCertificateVerify.decode > > (SSLCertificateVerif > > y.java:160) > > at > > COM.claymoresystems.ptls.SSLHandshakeServer.recvCertificateVerify > > (SSLHan > > dshakeServer.java:561) > > at > > COM.claymoresystems.ptls.SSLHandshakeServer.processTokens > > (SSLHandshakeSe > > rver.java:228) > > at > > COM.claymoresystems.ptls.SSLHandshake.processHandshake > > (SSLHandshake.java > > :135) > > at > > org.globus.gsi.gssapi.GlobusGSSContextImpl.acceptSecContext > > (GlobusGSSCon > > textImpl.java:284) > > at > > org.globus.gsi.gssapi.net.GssSocket.authenticateServer > > (GssSocket.java:12 > > 4) > > at > > > org.globus.gsi.gssapi.net.GssSocket.startHandshake(GssSocket.java:142) > > at > > org.globus.gsi.gssapi.net.GssSocket.getOutputStream(GssSocket.java: > > 161) > > at > > org.globus.wsrf.container.GSIServiceThread.process > > (GSIServiceThread.java > > :102) > > at > > org.globus.wsrf.container.ServiceThread.run(ServiceThread.java:302) > > > > > > Nicholas J. Kings (Nick) > > Senior Researcher > > Next Generation Web Research, BT Group Chief Technology Office > > > > > > > >
