Hi Ling,
See below for the excerpt similar to yours, it looks very similar
$ cat etc/xcat/cert/server-cred.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha1WithRSAEncryption
*Issuer: CN=xCAT CA*
Validity
Not Before: Dec 9 11:55:02 2013 GMT
Not After : Dec 4 11:55:02 2033 GMT
*Subject: CN=gondor** <------- This is correctly the hostname of
the MN*
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
regards,
Arif Ali MBCS
Senior HPC Technical Architect
OCF plc
Tel: +44 (0)114 257 2200
Mob: +44 (0)7970 148 122
Fax: +44 (0)114 257 0022
Web: www.ocf.co.uk <http://www.ocf.co.uk>
Blog: blog.ocf.co.uk <http://blog.ocf.co.uk>
Twitter: @ocfplc <http://twitter.com/#%21/ocfplc>
OCF plc is a company registered in England and Wales. Registered number
4132533, VAT number GB 780 6803 14. Registered office address: OCF plc,
5 Rotunda Business Centre, Thorncliffe Park, Chapeltown, Sheffield, S35
2PG.
This message is private and confidential. If you have received this
message in error, please notify us and remove it from your system.
On 09/12/13 22:10, Ling Gao wrote:
rcons uses xCAT credentials to verify.
In /etc/conserver.cf file it has the following:
config * {
sslrequired yes;
sslauthority /etc/xcat/cert/ca.pem;
sslcredentials /etc/xcat/cert/server-cred.pem;
}
Can you check those 2 files? I am just curious on the error you gave us:
console: SSLVerifyCallback(): issuer = /CN=xCAT CA
console: SSLVerifyCallback(): subject = /CN=xCAT CA
My /etc/xcat/cert/server-cred.pem look like this:
# cat /etc/xcat/cert/server-cred.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha1WithRSAEncryption
*Issuer: CN=xCAT CA*
Validity
Not Before: Dec 27 11:47:51 2010 GMT
Not After : Dec 22 11:47:51 2030 GMT
*Subject: CN=x3550n01 <--- the node mn name*
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
....
.....
Ling Gao
Poughkeepsie Unix Development Lab
IBM Systems and Technology Group
Internal: T/L 293-5692
External: [email protected], 845-433-5692
"I never worry about the future. It comes soon enough." --- Albert
Einstein
From: Arif Ali <[email protected]>
To: "[email protected]" <[email protected]>,
Cc: "[email protected]" <[email protected]>
Date: 12/09/2013 04:12 PM
Subject: Re: [xcat-user] conserver issues
------------------------------------------------------------------------
Yes to all
Removed the certificates and recreated using xcatconfig -c
I even did a killall -9 conserver
Could it be a version of openssl, it is above the rhels6.4 standard
level. Prob updated a few weeks back
Sent from my Android phone using TouchDown (www.nitrodesk.com)
-----Original Message----- *
From:* Ling Gao [[email protected]]*
Received:* Monday, 09 Dec 2013, 18:47*
To:* xCAT Users Mailing list [[email protected]]*
CC:* xCAT-user [[email protected]]*
Subject:* Re: [xcat-user] conserver issues
Hi Arif,
Have you run makeconservercf and "service conserver stop; service
conserver start" (not service conserver restart) after xcatconfig?
If it still does not work, can you remove /etc/conserver.cf and run
makeconservercf?
Ling
Ling Gao
Poughkeepsie Unix Development Lab
IBM Systems and Technology Group
Internal: T/L 293-5692
External: [email protected], 845-433-5692
"I never worry about the future. It comes soon enough." --- Albert
Einstein
From: Arif Ali <[email protected]>
To: xCAT-user <[email protected]>,
Date: 12/09/2013 11:27 AM
Subject: [xcat-user] conserver issues
------------------------------------------------------------------------
Hi all,
I have checked the mailinglist and googled the info, but cannot find a
fix
I have done a "xcatconfig -c" several times (as suggested by Lissa on
another post), with also removing the /etc/xcat/{cert,ca}, but I am
having no luck.
xCAT version 2.8.3, upgraded from 2.8.1 today, and we had the same
issue before the upgrade
OS: CentOS 6.4
Maybe I have missed looking at something.
# rcons blade089
console: SSLVerifyCallback(): error with certificate at depth: 1
console: SSLVerifyCallback(): issuer = /CN=xCAT CA
console: SSLVerifyCallback(): subject = /CN=xCAT CA
console: SSLVerifyCallback(): error #19: self signed certificate in
certificate chain
console: SSL negotiation failed
3788:error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
failed:s3_clnt.c:912:
thanks in advance
--
Arif Ali
IRC: arif-ali at freenode
LinkedIn:
_http://uk.linkedin.com/in/arifali_------------------------------------------------------------------------------
Sponsored by Intel(R) XDK
Develop, test and display web and hybrid apps with a single code base.
Download it for free now!_
__http://pubads.g.doubleclick.net/gampad/clk?id=111408631&iu=/4140/ostg.clktrk________________________________________________
xCAT-user mailing list
[email protected]_
__https://lists.sourceforge.net/lists/listinfo/xcat-user_
------------------------------------------------------------------------------
Sponsored by Intel(R) XDK
Develop, test and display web and hybrid apps with a single code base.
Download it for free now!
http://pubads.g.doubleclick.net/gampad/clk?id=111408631&iu=/4140/ostg.clktrk_______________________________________________
xCAT-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/xcat-user
------------------------------------------------------------------------------
Rapidly troubleshoot problems before they affect your business. Most IT
organizations don't have a clear picture of how application performance
affects their revenue. With AppDynamics, you get 100% visibility into your
Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro!
http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk
_______________________________________________
xCAT-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/xcat-user
