I am posting the message below on behalf of my colleague Neha Sharma
(n...@fnal.gov)
Hi
DOEGrids recently added the following new critical extension in the
host certificate they issued -
"X509v3 Extended Key Usage: critical
TLS Web Server Authentication, TLS Web Client
Authentication"
When we upgraded the host certificate on our gatekeeper node, so
that it had the above extension, the gatekeeper failed to
authenticate itself with the Site Authorization Service (SAZ)
The exception we are seeing is below:
"Exception org.globus.common.ChainedIOException: Authentication
failed [Caused by: Defective credential detected [Caused by:
[JGLOBUS-95] Unsuppored critical exception : "2.5.29.37"]]"
Upon googling it, I noticed a bugzilla entry which is similar to
what we are seeing, however I do not see any resolution
http://bugzilla.globus.org/globus/show_bug.cgi?id=3299
SAZ is using cog-jglobus-1.7.0.jar, which I believe is the latest
version. Also I have confirmed that the cryptix32.jar and cryptix-
asn1.jar are the latest that globus provides.
The exact point where the above exception gets thrown is when SAZ
attempts to read data from the input stream of the client socket
Is this a known problem? Was the above bug ever resolved?
Any input you can provide is greatly appreciated.
-Neha
