all seems to be OK, I start the s_server: openssl s_server -accept 7500 -cert /etc/grid-security/hostcert.pem -key /etc/grid-security/hostkey.pem -CApath /etc/grid-security/certificates/ -Verify 10 -quiet &
and execute this: openssl s_client -connect DebianLocal.localdomain:7500 -CApath /etc/grid-security/certificates -cert /etc/grid-security/hostcert.pem -key /etc/grid-security/hostkey.pem -quiet with this output: depth=1 /C=CU/L=Boyeros/ST=Habana/O=internet/OU=infraestructura/CN=DebianLocal.localdomain/[email protected] verify return:1 depth=0 /C=CU/L=Boyeros/ST=Habana/O=internet/OU=internet_myproxy/CN=DebianLocal.localdomain/[email protected] verify return:1 depth=1 /C=CU/L=Boyeros/ST=Habana/O=internet/OU=infraestructura/CN=DebianLocal.localdomain/[email protected] verify return:1 depth=0 /C=CU/L=Boyeros/ST=Habana/O=internet/OU=internet_myproxy/CN=DebianLocal.localdomain/[email protected] verify return:1 and the standard output stays hanging, at least the output doesn't show any error. I verify that cert.pem was signed with my CA: openssl verify -CApath /etc/grid-security/certificates /tmp/cert.pem output: cert.pem: OK but when I run the s_client ssl command whit cert.pem I received the following: depth=1 /C=CU/L=Boyeros/ST=Habana/O=internet/OU=infraestructura/CN=DebianLocal.localdomain/[email protected] verify return:1 depth=0 /C=CU/L=Boyeros/ST=Habana/O=internet/OU=internet_myproxy/CN=DebianLocal.localdomain/[email protected] verify return:1 depth=1 /C=CU/L=Boyeros/ST=Habana/O=internet/OU=infraestructura/CN=DebianLocal.localdomain/[email protected] verify return:1 depth=0 /C=CU/L=Boyeros/ST=HavanaCity/O=Desarrollo/OU=Internet_Desarrollo/CN=otro/[email protected] verify return:1 2924:error:04067069:rsa routines:RSA_EAY_PUBLIC_DECRYPT:pkcs1 padding too short:rsa_eay.c:693: it's an openssl certificate decrypt "error pkcs1 padding too short", what's the closest meaning of this message. > I agree it looks like a certificate problem. > > I like to use the openssl s_client and s_server commands to check my > certificate setup. For example: > > # openssl s_server -accept 9999 -cert /etc/grid-security/hostcert.pem > -key /etc/grid-security/hostkey.pem -CApath > /etc/grid-security/certificates -Verify 10 -quiet > verify depth is 10, must return a certificate > depth=1 /C=US/O=National Center for Supercomputing > Applications/OU=Certificate Authorities/CN=CACL > verify return:1 > depth=0 /C=US/O=National Center for Supercomputing > Applications/OU=People/CN=Jim Basney > verify return:1 > > $ openssl s_client -connect localhost:9999 -CApath > /etc/grid-security/certificates -cert ~/.globus/usercert.pem -key > ~/.globus/userkey.pem -quiet > Enter pass phrase for /Users/jbasney/.globus/userkey.pem: > depth=1 /C=US/O=National Center for Supercomputing > Applications/OU=Certificate Authorities/CN=CACL > verify return:1 > depth=0 /C=US/O=National Center for Supercomputing > Applications/OU=Services/CN=example.edu > verify return:1 > > Maybe you can use these openssl commands to identify the certificate > problem in your setup. > > On 9/7/11 10:08 AM, [email protected] wrote: >> the error shown is: >> >> Error authenticating client: GSS Major Status: Authentication Failed GSS >> Minor Status Error Chain: globus_gsi_gssapi: SSLv3 handshake problems >> globus_gsi_gssapi: SSLv3 handshake problems: Couldn't do ssl handshake >> OpenSSL Error: rsa_eay.c:693: in library: rsa routines, function >> RSA_EAY_PUBLIC_DECRYPT: pkcs1 padding too short OpenSSL Error: >> rsa_eay.c:693: in library: rsa routines, function >> RSA_EAY_PUBLIC_DECRYPT: >> pkcs1 padding too short >> >> it appears to be a decryption problem with the certificate cert.pem >> >>> On 9/7/11 8:52 AM, [email protected] wrote: >>>> I wonder if this error ( "Error authenticating: Connection closed." ) >>>> is >>>> an authentication problem, some PAM issue with myproxy, or everything >>>> is >>>> the /etc/grid-security/certificates directory. >>> >>> To answer this question, check your myproxy-server logs: >>> >>> http://grid.ncsa.illinois.edu/myproxy/troubleshooting.html >>> >>> ____________________________________________________________________________________ >>> Ein tolles Angebot. Waxing in Deiner Stadt bis -70%. Jetzt! >>> http://click.lavabit.com/h6p8e7memuaifbw61bw33t6gw39nzk8nt4c61gi646n5iehhha3b/ >>> ____________________________________________________________________________________ >>> > > ____________________________________________________________________________________ > Delivering best night jobs results. Get better, different Relevant results > fast ! > Searching the best of night jobs online. > http://click.lavabit.com/7dd3a6gmg8qmge5otayy4jwra49jo8sb6jfzap4ogaidgthpkgky/ > ____________________________________________________________________________________ >
