Oscar Koeroo wrote:
Hi,
By reading the failure message I can conclude that the authentication of
the client (peer) certificate failed.
The reason for this failure is not fully clear, but the error message
tells me that there is a mismatch between the used certificate and its
private key. It looks as if the VOMS server machine has the mismatch
which boiled up when performing the mutual authentication between the
client and service.
Can you verify that the private key of the VOMS service matches the
certificate? Perhaps the private key is not configured at all, which
would trigger the same error message.
I'd do the same for the client certificate. The text doesn't rule that
out. But my best bet is the service itself. Perhaps some file
permissions are too strict for the service if it runs as the 'voms' user
on the system.

No, this message is specific for the server certificate. For the rest,
Oscar's analysis is spot-on.
Ciao,
Vincenzo

cheers,
Oscar
arpit jain wrote:
Hi
Thanks for replying.
Actually we don't have a firewall and both machines have access to CA
certificate files. I copied the hostcert.pem from VOMS Server machine
to client and exported the X509_VOMS_DIR variable to point to it.
I ran "voms-proxy-init -voms trial -vomses <LOC of vomses file > "
but it is giving the below error on the client machine
Error: Could not establish authenticated connection with the server.
globus_gss_assist token :-1: read failure: Operation not permitted
None of the contacted servers for trial were capable
of returning a valid AC for the user.
I just checked the VOMS Server log and it is showing the below error:
"LOG_ERROR:REQUEST:AcceptGSIAuthentication (Server.cpp:243):Failed to
acquire credentials:.GSS Major Status: General failure.GSS Minor
Status Error Chain:.globus_gsi_gssapi: Error with GSI
credential.globus_gsi_gssapi: Error with gss credential
handle.globus_gsi_gssapi: Error with openssl: Couldn't set the private
key to be used for the SSL context.OpenSSL Error: x509_cmp.c:389: in
library: x509 certificate routines, function X509_check_private_key:
key values mismatch."
Wed Sep 10 16:41:34 2008:192.168.61.197:vomsd[5267]:
msg="LOG_INFO:REQUEST:Run (vomsd.cc:627):Failed to authenticate peer"
Can anyone please help??
Thanks
Arpit
On Wed, Sep 10, 2008 at 12:59 PM, Oscar Koeroo <[EMAIL PROTECTED]> wrote:
Hi,
Besides the opening in your firewall of the TCP port number 15000 for
your 'trial' VO on the VOMS service machine, that should be it.
Provided that both machines have access to the used CA certificate
file(s).
Oscar
arpit jain wrote:
Hi
Can anyone suggest how to get VOMS-Credentials using
"voms-proxy-init" from a VOMS Server running on a remote machine?
I want to know the options and changes on the client machine which I
need to make when running "voms-proxy-init" from a remote client
machine.
Thanks
Arpit
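
Added example, not part of the thread: one way to run the check Oscar asks for, comparing the public key in a certificate with the one derived from a private key using the openssl command line. A mismatch here is the pairing that X509_check_private_key rejects in the server log above. The function names and return codes are this example's own, and the two file arguments are placeholders for the service's certificate and key.

```shell
#!/bin/sh
# Added example, not from the thread. Usage: sh check_pair.sh CERT.pem KEY.pem
# CERT and KEY are placeholders for the service's certificate and private key.

# Public key embedded in a PEM certificate (empty output on failure).
pub_from_cert() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null
}

# Public key derived from a PEM private key. "-passin pass:" stops openssl
# from prompting, so an encrypted key fails instead of hanging.
pub_from_key() {
    openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null
}

# Return codes: 0 match, 1 mismatch, 2 file unreadable, 3 file unparsable.
check_pair() {
    cert=$1
    key=$2
    # Readability is tested for the current user, so run this as the
    # account the service runs under to catch permission problems.
    [ -r "$cert" ] || { echo "cannot read certificate: $cert"; return 2; }
    [ -r "$key" ] || { echo "cannot read private key: $key"; return 2; }

    cert_pub=$(pub_from_cert "$cert") || cert_pub=""
    [ -n "$cert_pub" ] || { echo "not a PEM certificate: $cert"; return 3; }
    key_pub=$(pub_from_key "$key") || key_pub=""
    [ -n "$key_pub" ] || { echo "no usable private key in: $key"; return 3; }

    if [ "$cert_pub" = "$key_pub" ]; then
        echo "certificate and private key match"
        return 0
    fi
    echo "key values mismatch: key does not belong to this certificate"
    return 1
}

# Run the check only when called with two file arguments.
if [ "$#" -eq 2 ]; then
    check_pair "$1" "$2"
fi
```

Return code 2 separates a permissions problem from a genuine mismatch (return code 1), the two causes raised in the thread.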