rcons uses xCAT credentials to verify.
In /etc/conserver.cf file it has the following:
config * {
sslrequired yes;
sslauthority /etc/xcat/cert/ca.pem;
sslcredentials /etc/xcat/cert/server-cred.pem;
}
Can you check those 2 files? I am just curious on the error you gave us:
console: SSLVerifyCallback(): issuer = /CN=xCAT CA
console: SSLVerifyCallback(): subject = /CN=xCAT CA
My /etc/xcat/cert/server-cred.pem look like this:
# cat /etc/xcat/cert/server-cred.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: CN=xCAT CA
Validity
Not Before: Dec 27 11:47:51 2010 GMT
Not After : Dec 22 11:47:51 2030 GMT
Subject: CN=x3550n01 <--- the node mn name
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
....
.....
Ling Gao
Poughkeepsie Unix Development Lab
IBM Systems and Technology Group
Internal: T/L 293-5692
External: [email protected], 845-433-5692
"I never worry about the future. It comes soon enough." --- Albert
Einstein
From: Arif Ali <[email protected]>
To: "[email protected]"
<[email protected]>,
Cc: "[email protected]"
<[email protected]>
Date: 12/09/2013 04:12 PM
Subject: Re: [xcat-user] conserver issues
Yes to all
Removed the certificates and recreated using xcatconfig -c
I even did a killall -9 conserver
Could it be a version of openssl, it is above the rhels6.4 standard level.
Prob updated a few weeks back
Sent from my Android phone using TouchDown (www.nitrodesk.com)
-----Original Message-----
From: Ling Gao [[email protected]]
Received: Monday, 09 Dec 2013, 18:47
To: xCAT Users Mailing list [[email protected]]
CC: xCAT-user [[email protected]]
Subject: Re: [xcat-user] conserver issues
Hi Arif,
Have you run makeconservercf and "service conserver stop; service
conserver start" (not service conserver restart) after xcatconfig?
If it still does not work, can you remove /etc/conserver.cf and run
makeconservercf?
Ling
Ling Gao
Poughkeepsie Unix Development Lab
IBM Systems and Technology Group
Internal: T/L 293-5692
External: [email protected], 845-433-5692
"I never worry about the future. It comes soon enough." --- Albert
Einstein
From: Arif Ali <[email protected]>
To: xCAT-user <[email protected]>,
Date: 12/09/2013 11:27 AM
Subject: [xcat-user] conserver issues
Hi all,
I have checked the mailinglist and googled the info, but cannot find a fix
I have done a "xcatconfig -c" several times (as suggested by Lissa on
another post), with also removing the /etc/xcat/{cert,ca}, but I am having
no luck.
xCAT version 2.8.3, upgraded from 2.8.1 today, and we had the same issue
before the upgrade
OS: CentOS 6.4
Maybe I have missed looking at something.
# rcons blade089
console: SSLVerifyCallback(): error with certificate at depth: 1
console: SSLVerifyCallback(): issuer = /CN=xCAT CA
console: SSLVerifyCallback(): subject = /CN=xCAT CA
console: SSLVerifyCallback(): error #19: self signed certificate in
certificate chain
console: SSL negotiation failed
3788:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed:s3_clnt.c:912:
thanks in advance
--
Arif Ali
IRC: arif-ali at freenode
LinkedIn: http://uk.linkedin.com/in/arifali
------------------------------------------------------------------------------
Sponsored by Intel(R) XDK
Develop, test and display web and hybrid apps with a single code base.
Download it for free now!
http://pubads.g.doubleclick.net/gampad/clk?id=111408631&iu=/4140/ostg.clktrk
_______________________________________________
xCAT-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/xcat-user
------------------------------------------------------------------------------
Sponsored by Intel(R) XDK
Develop, test and display web and hybrid apps with a single code base.
Download it for free now!
http://pubads.g.doubleclick.net/gampad/clk?id=111408631&iu=/4140/ostg.clktrk
_______________________________________________
xCAT-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/xcat-user
------------------------------------------------------------------------------
Sponsored by Intel(R) XDK
Develop, test and display web and hybrid apps with a single code base.
Download it for free now!
http://pubads.g.doubleclick.net/gampad/clk?id=111408631&iu=/4140/ostg.clktrk
_______________________________________________
xCAT-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/xcat-user
