Unfortunately, I found that the procedure below isn't sufficient for Fedora 13, even though it shows all the same error messages. More debugging needed ...
chris On 06/08/2010, at 11:28 AM, Christoph Willing wrote: > Further to Tom's suggestion about checking the CA certificate, I > have just tested 3 different Linux systems: Ubuntu Lucid, Slackware > 13.1 and Fedora 11. > > 1. All showed exactly the same symptoms (inability to connect with > VenueManagement) and log outputs. > 2. All were "missing" the AG-Dev CA certificate > > (where "missing" may just mean out of date and so not showing up in > the certificate manager) > > The cure for all three systems was to find and put in place the > correct (up to date) CA certificate. The correct CA certificate is > available at: > > https://svn.ci.uchicago.edu/svn/accessgrid/trunk/packaging/config/CAcertificates/45cc9e80.0 > > Download it and copy it into /etc/AccessGrid3/Config/ > CAcertificates/, replacing the existing file of the same name. There > is also a 45cc9e80.signing_policy file at the same place - you can > download it too but I think its the same as the already installed one. > > > Now load the newly downloaded CA certificate using: > 1. CertificateManager3.py (plain CertificateManager on some > systems) "Trusted CA Certificates" tab > or 2. certmgr3.py (or certmgr_agtk) command line tool in its "ca" > mode > > Once loaded, check its validity ("View Certificate" button for gui > tool, "show" command for command line tool). The correct one has > Subject and Issuer "CN=Access Grid Developers CA" and "Not valid > after 01/28/20" > > > If the correct CA is loaded _and_ you have a current service > certificate, then the VenueServer will run and the VenueManagement > tool will connect to it correctly. The three systems mentioned > above, previously broken, are all now working as expected after the > procedure outlined above. > > > chris > > > > On 06/08/2010, at 4:05 AM, Thomas Uram wrote: > >> From the log I can see that you are using a VenueServer service >> certificate, which is good. >> >> Based on the 'unknown ca' error message, I wonder about the >> validity of the CA certificate. Could you enter certificate >> management and check the validity of the AG-Dev CA certificate? >> >> Tom >> >> On Aug 3, 2010, at 9:27 AM, Sangil Choi wrote: >> >>> I checked URL of my server (Server : >>> https://210.125.84.210:8000/VenueServer) >>> but there is no changes in result. I think the cause seems to be >>> elsewhere. >>> >>> >>> >>> In addition, I used 'https://210.125.84.210:8000/Venues' and the >>> result is consistent. >>> >>> >>> >>> Thanks for your help. >>> >>> >>> >>> Regards, >>> >>> Sangil Choi. >>> >>> ________________________________________ >>> 보낸 사람: Christoph Willing [c.will...@uq.edu.au] >>> 보낸 날짜: 2010년 8월 3일 화요일 오후 9:59 >>> 받는 사람: Sangil Choi >>> 제목: Re: [AG-TECH] Problems of VenueManagement >>> >>> Sangil, >>> >>> Sometimes there is confusion about the name which the VenueServer is >>> running. Look in the server log file (~/.ACcessGrid/Logs/ >>> VenueServer.log) for the line containing: >>> ....... Venue.py:344 DEBUG ------------ STARTING VENUE >>> >>> Then the next line will contain the name of that the server is >>> running >>> as. It will be something like: >>> ....... Venue.py:383 INFO Venue URI >>> https://a.b.c.d:8000/Venues/0a0101ce20dd1d9654fb10b37feec5410c >>> >>> Use that name (https://a.b.c.d:8000/Venues) when connecting with the >>> VenueManager >>> >>> >>> If you can't find the correct lines in the log file, restart the >>> VenueServer so they will be generated again. >>> >>> >>> chris >>> >>> >>> On 03/08/2010, at 8:10 PM, Sangil Choi wrote: >>> >>>> Hi, everyone. >>>> >>>> I've problem about VenueManagement Tool. >>>> >>>> I install 'AGTk3.2 beta 1' on Fedora Core 12 and send certificate >>>> request message to agdev...@mcs.anl.gov<mailto:agdev- >>>> c...@mcs.anl.gov>. >>>> After I got a replied message, I install that certificate and check >>>> the '/usr/bin/certmgr_agtk' to make sure of its installation. In >>>> addition, VenueServer works well. >>>> >>>> I found some problem when I use VenueManagement Tool to create new >>>> venues in our venue server. >>>> >>>> I make an entry of “Venue Server Address” as follow: >>>> >>>> https://localhost:8000/VenueServer >>>> https://NFRI-AG-Server.nm.gist.ac.kr:8000/VenueServer - It is DNS >>>> of >>>> server machine >>>> https://NFRI-AG-Server.gist.ac.kr:8000/VenueServer - It is the name >>>> that uses in certificate request message. >>>> >>>> After I clinks go button, below message is shown. >>>> >>>> ========================================================= >>>> You were unable to connect to the venue server at: >>>> https://localhost:8000/VenueServer >>>> ========================================================= >>>> >>>> In command window that execute VenueServer prints error message >>>> like >>>> this. >>>> >>>> ========================================================= >>>> Traceback (nost recent call last): >>>> File "/usr/lib/python2.6/site-packages/M2Crypto/SSL/SSLServer.py", >>>> line 32, in handle_request >>>> request, client_address = self.get_request() >>>> File "/usr/lib/python2.6/SocketServer.py", line 444, in get_request >>>> return self.socket.accept() >>>> File "/usr/lib/python2.6/site-packages/AccessGrid3/hosting/ZSI/ >>>> ServiceContainer.py", line 156, in M2CrytoConnectionAccept >>>> ret = ssl.accept_ssl() >>>> File "/usr/lib/python2.6/site-packages/M2Crypto/SSL/Connection.py", >>>> line 152, in accept_ssl >>>> return m2.ssl_accept(self.ssl, self._timeout) >>>> SSLError : tlsv1 alert unknown ca >>>> ========================================================= >>>> >>>> Last, the following message was printed in VenueManagement.log >>>> file. >>>> >>>> ========================================================= >>>> 08/03/2010 04:36:50 PM -1216825664 Platform Config.py:897 INFO >>>> gnome directory /home/ag/.gnome/application-info or /home/ >>>> ag/.gnome/ >>>> mime-info not found, not registering file type .agpkg3 with gnome >>>> 08/03/2010 04:36:50 PM -1216825664 Platform Config.py:897 INFO >>>> gnome directory /home/ag/.gnome/application-info or /home/ >>>> ag/.gnome/ >>>> mime-info not found, not registering file type .vv3d with gnome >>>> 08/03/2010 04:36:50 PM -1216825664 VenueClient Preferences.py: >>>> 206 DEBUG Preferences.LoadPreferences: open file >>>> 08/03/2010 04:36:50 PM -1216825664 Toolkit Toolkit.py:166 INFO >>>> Logfile Name: VenueManagement.log >>>> 08/03/2010 04:36:50 PM -1216825664 CertificateManager >>>> CertificateManager.py:212 DEBUG Opened repository /home/ >>>> ag/.AccessGrid3/Config/certRepo >>>> 08/03/2010 04:36:50 PM -1216825664 Toolkit Toolkit.py:472 INFO >>>> Initialized certificate manager. >>>> 08/03/2010 04:36:50 PM -1216825664 CertificateManager >>>> CertificateManager.py:575 DEBUG Configuring standard environment >>>> 08/03/2010 04:36:50 PM -1216825664 CertificateManager >>>> CertificateManager.py:625 DEBUG Using default identity /O=Access >>>> Grid/OU=agdev-ca.mcs.anl.gov/CN=VenueServer/NFRI-AG- >>>> Server.gist.ac.kr >>>> 08/03/2010 04:36:52 PM -1216825664 VenueManagement >>>> VenueManagement:422 DEBUG VenueManagementClient.ConnectToServer: >>>> Connect to server https://localhost:8000/VenueServer >>>> 08/03/2010 04:36:52 PM -1216825664 VenueManagement >>>> VenueManagement:430 DEBUG VenueManagementClient.ConnectToServer: >>>> Connect to server >>>> 08/03/2010 04:36:52 PM -1216825664 Toolkit Toolkit.py:262 INFO >>>> Using unencrypted certificate: /home/ag/.AccessGrid3/Config/ >>>> certRepo/ >>>> certificates/174973e21fb8d6e777cf0199e079762b/ >>>> c922e6eac654d6475a33f6e48af375e7/cert.pem /home/ag/.AccessGrid3/ >>>> Config/certRepo/privatekeys/fb186c081f585da9ba71017c637bd452.pem >>>> 08/03/2010 04:36:52 PM -1216825664 VenueManagement >>>> VenueManagement:435 DEBUG VenueManagementClient.ConnectToServer: >>>> Get >>>> venues from server >>>> 08/03/2010 04:36:52 PM -1216825664 VenueManagement >>>> VenueManagement:521 ERROR VenueManagementClient.ConnectToServer: >>>> Can >>>> not connect.: >>>> Traceback (most recent call last): >>>> File "/usr/bin/VenueManagement", line 438, in ConnectToServer >>>> vl = self.server.GetVenues() >>>> File "/usr/lib/python2.6/site-packages/AccessGrid3/AccessGrid/ >>>> interfaces/VenueServer_client.py", line 168, in GetVenues >>>> self.binding.Send(None, None, request, >>>> soapaction="urn:#GetVenues", **kw) >>>> File "/usr/lib/python2.6/site-packages/ZSI/client.py", line 266, in >>>> Send >>>> self.h.connect() >>>> File "/usr/lib/python2.6/site-packages/M2Crypto/httpslib.py", line >>>> 50, in connect >>>> self.sock.connect((self.host, self.port)) >>>> File "/usr/lib/python2.6/site-packages/M2Crypto/SSL/Connection.py", >>>> line 177, in connect >>>> self.socket.connect(addr) >>>> File "<string>", line 1, in connect >>>> error: [Errno 111] Connection refused >>>> ========================================================= >>>> >>>> What should I do to solve this problem? >>>> >>>> Regard, >>>> Sangil Choi >>> >>> Christoph Willing +61 7 3365 8316 >>> QCIF Access Grid Manager >>> University of Queensland >> > > Christoph Willing +61 7 3365 8316 > QCIF Access Grid Manager > University of Queensland > Christoph Willing +61 7 3365 8316 QCIF Access Grid Manager University of Queensland
