I logged on our Redhat 6.4 machine and ran xcatconfig -c and then when I ran rcons rhcn1, I got this error, not quite the same as yours.

[root@ls21n01 ~]# rcons rhcn1
console: SSLVerifyCallback(): error with certificate at depth: 1
console: SSLVerifyCallback(): issuer = /CN=xCAT CA
console: SSLVerifyCallback(): subject = /CN=xCAT CA
console: SSLVerifyCallback(): error #19: self signed certificate in certificate
console: SSL negotiation failed
12769:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify

I then ran

makeconservercf
service conserver stop
service conserver start

I could then run cons rhcn1 without an error. What level of openssl is on your MN? This is what I am running with:

[root@ls21n01 ~]# rpm -qa | grep -i SSL
perl-IO-Socket-SSL-1.31-2.el6.noarch
perl-Crypt-SSLeay-0.57-16.el6.x86_64
perl-Net-SSLeay-1.35-9.el6.x86_64
openssl098e-0.9.8e-17.el6_2.2.x86_64
openssl-1.0.0-27.el6.x86_64
pyOpenSSL-0.10-2.el6.x86_64
openssl-devel-1.0.0-27.el6.x86_64

Lissa K. Valletta
8-3/B10
Poughkeepsie, NY 12601
(tie 293) 433-3102


From: Ling Gao/Poughkeepsie/IBM@IBMUS
To: xCAT Users Mailing list <[email protected]>,
Cc: xCAT Users Mailing list <[email protected]>
Date: 12/10/2013 02:43 PM
Subject: Re: [xcat-user] conserver issues

Arif,

Can you check $HOME/.consolerc file. Mine looks like this:

# cat ~/.consolerc
config * {
    port 782;
    sslenabled yes;
    sslauthority /root/.xcat/ca.pem;
    sslcredentials /root/.xcat/client-cred.pem;
}

Can you also check if there is conserver associated with the node?

nodels <nodename> nodehm.conserver

Thanks,
Ling

Ling Gao
Poughkeepsie Unix Development Lab
IBM Systems and Technology Group
Internal: T/L 293-5692
External: [email protected], 845-433-5692
"I never worry about the future. It comes soon enough." --- Albert Einstein


From: Lissa Valletta/Poughkeepsie/IBM@IBMUS
To: xCAT Users Mailing list <[email protected]>,
Date: 12/10/2013 12:56 PM
Subject: Re: [xcat-user] conserver issues

There is one other piece to the certificate when you run xcatconfig -c that is under /root/.xcat that is getting regenerated also -- correct? It should. I would think the other xCAT commands would fail also. Do you have service nodes? If so are they working?

Lissa K. Valletta


From: Arif Ali <[email protected]>
To: <[email protected]>,
Date: 12/10/2013 12:28 PM
Subject: Re: [xcat-user] conserver issues

Hi Ling,

See below for the excerpt similar to yours, it looks very similar

$ cat etc/xcat/cert/server-cred.pem
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN=xCAT CA
        Validity
            Not Before: Dec 9 11:55:02 2013 GMT
            Not After : Dec 4 11:55:02 2033 GMT
        Subject: CN=gondor    <------- This is correctly the hostname of the MN
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:

regards,

Arif Ali MBCS
Senior HPC Technical Architect
OCF plc
Tel: +44 (0)114 257 2200
Mob: +44 (0)7970 148 122
Fax: +44 (0)114 257 0022
Web: www.ocf.co.uk
Blog: blog.ocf.co.uk
Twitter: @ocfplc


On 09/12/13 22:10, Ling Gao wrote:

rcons uses xCAT credentials to verify. In /etc/conserver.cf file it has the following:

config * {
    sslrequired yes;
    sslauthority /etc/xcat/cert/ca.pem;
    sslcredentials /etc/xcat/cert/server-cred.pem;
}

Can you check those 2 files? I am just curious on the error you gave us:

console: SSLVerifyCallback(): issuer = /CN=xCAT CA
console: SSLVerifyCallback(): subject = /CN=xCAT CA

My /etc/xcat/cert/server-cred.pem look like this:

# cat /etc/xcat/cert/server-cred.pem
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN=xCAT CA
        Validity
            Not Before: Dec 27 11:47:51 2010 GMT
            Not After : Dec 22 11:47:51 2030 GMT
        Subject: CN=x3550n01    <--- the node mn name
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                ....
                .....

Ling Gao


From: Arif Ali <[email protected]>
To: "[email protected]" <[email protected]>,
Cc: "[email protected]" <[email protected]>
Date: 12/09/2013 04:12 PM
Subject: Re: [xcat-user] conserver issues

Yes to all

Removed the certificates and recreated using xcatconfig -c

I even did a killall -9 conserver

Could it be a version of openssl, it is above the rhels6.4 standard level. Prob updated a few weeks back


-----Original Message-----
From: Ling Gao [[email protected]]
Received: Monday, 09 Dec 2013, 18:47
To: xCAT Users Mailing list [[email protected]]
CC: xCAT-user [[email protected]]
Subject: Re: [xcat-user] conserver issues

Hi Arif,

Have you run makeconservercf and "service conserver stop; service conserver start" (not service conserver restart) after xcatconfig? If it still does not work, can you remove /etc/conserver.cf and run makeconservercf?

Ling

Ling Gao


From: Arif Ali <[email protected]>
To: xCAT-user <[email protected]>,
Date: 12/09/2013 11:27 AM
Subject: [xcat-user] conserver issues

Hi all,

I have checked the mailing list and googled the info, but cannot find a fix.

I have done a "xcatconfig -c" several times (as suggested by Lissa on another post), with also removing the /etc/xcat/{cert,ca}, but I am having no luck.

xCAT version 2.8.3, upgraded from 2.8.1 today, and we had the same issue before the upgrade
OS: CentOS 6.4

Maybe I have missed looking at something.

# rcons blade089
console: SSLVerifyCallback(): error with certificate at depth: 1
console: SSLVerifyCallback(): issuer = /CN=xCAT CA
console: SSLVerifyCallback(): subject = /CN=xCAT CA
console: SSLVerifyCallback(): error #19: self signed certificate in certificate chain
console: SSL negotiation failed
3788:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:912:

thanks in advance

--
Arif Ali
IRC: arif-ali at freenode
LinkedIn: http://uk.linkedin.com/in/arifali
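
Added example (not part of the thread and not xCAT's own tooling): a file-level check that the CA the console client trusts (sslauthority in ~/.consolerc) is the same certificate as the CA conserver is configured with (sslauthority in /etc/conserver.cf), and that server-cred.pem was issued by it. It assumes the openssl command-line tool is installed; the function names and the --thread-paths switch are invented for this example, and the default paths are the ones quoted in the messages above.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): file-level check of the trust
# relationship that rcons/console relies on. Function names are made up here.

# SHA-256 fingerprint of the first certificate in a PEM file (empty on error).
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# check_console_trust CLIENT_CA SERVER_CA SERVER_CRED
#   0  client CA matches server CA and the server certificate chains to it
#   1  the two CA files hold different certificates
#   2  CA files match but the server certificate was not issued by that CA
#   3  a CA file is missing or is not a parsable certificate
check_console_trust() {
    cct_client_ca=$1; cct_server_ca=$2; cct_server_cred=$3
    cct_fp_client=$(cert_fp "$cct_client_ca")
    cct_fp_server=$(cert_fp "$cct_server_ca")
    if [ -z "$cct_fp_client" ] || [ -z "$cct_fp_server" ]; then
        echo "cannot read a CA certificate" >&2
        return 3
    fi
    if [ "$cct_fp_client" != "$cct_fp_server" ]; then
        echo "CA mismatch: $cct_client_ca vs $cct_server_ca" >&2
        return 1
    fi
    # Match on the "OK" line instead of relying on the exit status alone.
    if ! openssl verify -CAfile "$cct_client_ca" "$cct_server_cred" 2>&1 |
            grep -q ': OK$'; then
        echo "$cct_server_cred does not verify against $cct_client_ca" >&2
        return 2
    fi
    return 0
}

# Paths as quoted in the thread; "--thread-paths" is a switch invented for
# this example so that sourcing the file has no side effects.
if [ "${1:-}" = "--thread-paths" ]; then
    check_console_trust /root/.xcat/ca.pem /etc/xcat/cert/ca.pem \
        /etc/xcat/cert/server-cred.pem
fi
```

The check reads files only, so it does not show which certificate an already running conserver process has loaded.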
