Arif did you say you are not using the OpenSSL shipped with Redhat 6.4. What OpenSSL are you using. We have had issues recently with new levels of SSL in AIX. Can you run xCAT commands ok on the Management Node, anything like lsdef command without gettting complaints from Client.pm?
Lissa K. Valletta 8-3/B10 Poughkeepsie, NY 12601 (tie 293) 433-3102 From: Ling Gao/Poughkeepsie/IBM@IBMUS To: xCAT Users Mailing list <[email protected]>, Cc: "[email protected]" <[email protected]> Date: 12/09/2013 05:12 PM Subject: Re: [xcat-user] conserver issues rcons uses xCAT credentials to verify. In /etc/conserver.cf file it has the following: config * { sslrequired yes; sslauthority /etc/xcat/cert/ca.pem; sslcredentials /etc/xcat/cert/server-cred.pem; } Can you check those 2 files? I am just curious on the error you gave us: console: SSLVerifyCallback(): issuer = /CN=xCAT CA console: SSLVerifyCallback(): subject = /CN=xCAT CA My /etc/xcat/cert/server-cred.pem look like this: # cat /etc/xcat/cert/server-cred.pem Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha1WithRSAEncryption Issuer: CN=xCAT CA Validity Not Before: Dec 27 11:47:51 2010 GMT Not After : Dec 22 11:47:51 2030 GMT Subject: CN=x3550n01 <--- the node mn name Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: .... ..... Ling Gao Poughkeepsie Unix Development Lab IBM Systems and Technology Group Internal: T/L 293-5692 External: [email protected], 845-433-5692 "I never worry about the future. It comes soon enough." --- Albert Einstein From: Arif Ali <[email protected]> To: "[email protected]" <[email protected]>, Cc: "[email protected]" <[email protected]> Date: 12/09/2013 04:12 PM Subject: Re: [xcat-user] conserver issues Yes to all Removed the certificates and recreated using xcatconfig -c I even did a killall -9 conserver Could it be a version of openssl, it is above the rhels6.4 standard level. Prob updated a few weeks back Sent from my Android phone using TouchDown (www.nitrodesk.com) -----Original Message----- From: Ling Gao [[email protected]] Received: Monday, 09 Dec 2013, 18:47 To: xCAT Users Mailing list [[email protected]] CC: xCAT-user [[email protected]] Subject: Re: [xcat-user] conserver issues Hi Arif, Have you run makeconservercf and "service conserver stop; service conserver start" (not service conserver restart) after xcatconfig? If it still does not work, can you remove /etc/conserver.cf and run makeconservercf? Ling Ling Gao Poughkeepsie Unix Development Lab IBM Systems and Technology Group Internal: T/L 293-5692 External: [email protected], 845-433-5692 "I never worry about the future. It comes soon enough." --- Albert Einstein From: Arif Ali <[email protected]> To: xCAT-user <[email protected]>, Date: 12/09/2013 11:27 AM Subject: [xcat-user] conserver issues Hi all, I have checked the mailinglist and googled the info, but cannot find a fix I have done a "xcatconfig -c" several times (as suggested by Lissa on another post), with also removing the /etc/xcat/{cert,ca}, but I am having no luck. xCAT version 2.8.3, upgraded from 2.8.1 today, and we had the same issue before the upgrade OS: CentOS 6.4 Maybe I have missed looking at something. # rcons blade089 console: SSLVerifyCallback(): error with certificate at depth: 1 console: SSLVerifyCallback(): issuer = /CN=xCAT CA console: SSLVerifyCallback(): subject = /CN=xCAT CA console: SSLVerifyCallback(): error #19: self signed certificate in certificate chain console: SSL negotiation failed 3788:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:912: thanks in advance -- Arif Ali IRC: arif-ali at freenode LinkedIn: http://uk.linkedin.com/in/arifali ------------------------------------------------------------------------------ Sponsored by Intel(R) XDK Develop, test and display web and hybrid apps with a single code base. Download it for free now! http://pubads.g.doubleclick.net/gampad/clk?id=111408631&iu=/4140/ostg.clktrk _______________________________________________ xCAT-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/xcat-user ------------------------------------------------------------------------------ Sponsored by Intel(R) XDK Develop, test and display web and hybrid apps with a single code base. Download it for free now! http://pubads.g.doubleclick.net/gampad/clk?id=111408631&iu=/4140/ostg.clktrk _______________________________________________ xCAT-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/xcat-user ------------------------------------------------------------------------------ Sponsored by Intel(R) XDK Develop, test and display web and hybrid apps with a single code base. Download it for free now! http://pubads.g.doubleclick.net/gampad/clk?id=111408631&iu=/4140/ostg.clktrk _______________________________________________ xCAT-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/xcat-user
<<inline: graycol.gif>>
------------------------------------------------------------------------------ Sponsored by Intel(R) XDK Develop, test and display web and hybrid apps with a single code base. Download it for free now! http://pubads.g.doubleclick.net/gampad/clk?id=111408631&iu=/4140/ostg.clktrk
_______________________________________________ xCAT-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/xcat-user
