Mike, We've been able to replicate the problem here. Its due to the inability to load the AG Dev CA. You can confirm it by running a certmgr session as below. In particular, notice the error when trying to import 45cc9e80.0 (the AG Dev CA).
[ag@agn-display ~]$ cd /etc/AccessGrid3/Config/CAcertificates/ [ag@agn-display CAcertificates]$ certmgr_agtk /usr/lib/python2.6/site-packages/AccessGrid3/AccessGrid/ ClientProfile.py:22: DeprecationWarning: the md5 module is deprecated; use hashlib instead import md5 /usr/lib/python2.6/site-packages/AccessGrid3/AccessGrid/Security/ ProxyGen.py:19: DeprecationWarning: The popen2 module is deprecated. Use the subprocess module. import popen2 (ID mode) > ca (CA mode) > import 45cc9e80.0 Error importing certificate from 45cc9e80.0: long too large to convert to int (CA mode) > quit We believe the error is due to the newer m2crypto version being used in Fedora 12 (both 32 and 64 bit). For now, I think your only Fedora based option is to use an earlier release (F11 looks OK). chris On 28/01/2010, at 1:05 AM, Mike Weaver wrote: > total 32 > -rw-r--r--. 1 root root 1436 2007-12-18 02:09 1c3f2ca8.0 > -rw-r--r--. 1 root root 2276 2004-05-06 14:51 1c3f2ca8.signing_policy > -rw-r--r--. 1 root root 912 2007-05-02 18:03 45cc9e80.0 > -rw-r--r--. 1 root root 1334 2004-03-25 09:25 45cc9e80.signing_policy > -rw-r--r--. 1 root root 1448 2004-04-19 18:00 d1b603c3.0 > -rw-r--r--. 1 root root 2263 2004-03-25 09:25 d1b603c3.signing_policy > -rw-r--r--. 1 root root 1334 2004-09-06 01:26 f18fa857.0 > -rw-r--r--. 1 root root 571 2004-09-06 01:26 f18fa857.signing_policy > > Interesting, Certificate Managers not seeing one? This was from a > fresh > installation on Fedora 12 using Jason's Install Guide and your > packages. > I've exported my certificates. I'm going to try rebuilding. > > Mike > > -----Original Message----- > From: Christoph Willing [mailto:[email protected]] > Sent: Tuesday, January 26, 2010 3:17 PM > To: [email protected] > Cc: [email protected] > Subject: Re: [AG-TECH] Venue Server question > > > On 27/01/2010, at 5:40 AM, Mike Weaver wrote: > >> I'm trying to set up & experiment with the AG 3 Venue Server. Got my >> service certificate approved & installed and the Venue Server started >> successfully, but can't connect with the Venue Manager. The >> relevant part >> of the VenueServer.log file looks like this: >> >> 01/26/10 14:26:52 -1260389520 Hosting ServiceContainer.py:187 >> ERROR None >> Traceback (most recent call last): >> File "/usr/lib/python2.6/site-packages/M2Crypto/SSL/SSLServer.py", >> line >> 33, in handle_request >> request, client_address = self.get_request() >> File "/usr/lib/python2.6/SocketServer.py", line 444, in get_request >> return self.socket.accept() >> File >> "/usr/lib/python2.6/site-packages/AccessGrid3/AccessGrid/hosting/ZSI/ >> Service >> Container.py", line 156, in M2CryptoConnectionAccept >> ret = ssl.accept_ssl() >> File "/usr/lib/python2.6/site-packages/M2Crypto/SSL/Connection.py", >> line >> 152, in accept_ssl >> return m2.ssl_accept(self.ssl, self._timeout) >> SSLError: tlsv1 alert unknown ca >> >> Seems to say that the CA for my certificate is unknown. Running the >> Certificate Manager shows 3 trusted CAs - "DOEGrids CA 1", "ESnet >> Root CA 1" >> & "Anonymous Certificate Authority" (issued by ANL Futures lab). The >> service certificate was issued by the "Access Grid Developers CA". >> Did I >> miss a step or do something wrong? > > > Mike, > > There should be four CA's so one of them is either missing or expired. > Could you send a long listing (ls -l) of /etc/AccessGrid3/Config/ > CAcertificates please? > > > chris > > > Christoph Willing +61 7 3365 8316 > QCIF Access Grid Manager > University of Queensland > Christoph Willing +61 7 3365 8316 QCIF Access Grid Manager University of Queensland
