Hiii You are perfectly upto the point bcoz my Key and Certficate were not matching. I rectified the error by chaging the key and I am now successfully able to get the credentials............:)
Thanks once again Arpit On Wed, Sep 10, 2008 at 5:57 PM, Vincenzo Ciaschini < [EMAIL PROTECTED]> wrote: > Oscar Koeroo wrote: > >> Hi, >> >> By reading the failure message I can conclude that the authentication of >> the client (peer) certificate failed. >> >> The reason for this failure is not fully clear, but the error message >> tells me that there is a mismatch between the used certificate and its >> private key. It looks like if the VOMS server machine has the mismatch which >> boiled up when performing the mutual authentication between the client and >> service. >> >> Can you verify that the private key of the VOMS service matches the >> certificate? Perhaps the private key is not configured at all, which would >> trigger the same error message. >> >> I'd do the same for the client certificate. The text doesn't rule that >> out. But my best bet is the service itself. Perhaps some file permissions >> are to strict for the service if it runs as the 'voms' user on the system. >> > No, this message is specific for the server certificate. For the rest, > Oscar's analysis is spot-on. > > Ciao, > Vincenzo > >> >> cheers, >> >> Oscar >> >> >> arpit jain wrote: >> >>> Hii >>> >>> Thanks for replying....... >>> Actually we dont have a firewall and both machines have access to CA >>> certificate files. I copied the hostcert.pem from VOMS Server machine to >>> client and exported the X509_VOMS_DIR variable to point to it. >>> I ran "voms-proxy-init -voms trial -vomses <LOC of vomses file > " but >>> it is giving below error on client machine >>> >>> *Error: Could not establish authenticated connection with the server. >>> >>> globus_gss_assist token :-1: read failure: Operation not permitted >>> >>> >>> None of the contacted servers for trial were capable >>> of returning a valid AC for the user.* >>> >>> >>> I just checked the VOMS Server log and it is showing below error: >>> >>> "*LOG_ERROR:REQUEST:AcceptGSIAuthentication (Server.cpp:243):Failed to >>> acquire credentials:.GSS Major Status: General failure.GSS Minor Status >>> Error Chain:.globus_gsi_gssapi: Error with GSI credential.globus_gsi_gssapi: >>> Error with gss credential handle.globus_gsi_gssapi: Error with openssl: >>> Couldn't set the private key to be used for the SSL context.OpenSSL Error: >>> x509_cmp.c:389: in library: x509 certificate routines, function >>> X509_check_private_key: key values mismatch." >>> Wed Sep 10 16:41:34 2008:192.168.61.197:vomsd[5267]: >>> msg="LOG_INFO:REQUEST:Run (vomsd.cc:627):Failed to authenticate peer"* >>> >>> Can anyone please help?? >>> >>> Thanks >>> Arpit >>> >>> >>> >>> On Wed, Sep 10, 2008 at 12:59 PM, Oscar Koeroo <[EMAIL PROTECTED]<mailto: >>> [EMAIL PROTECTED]>> wrote: >>> >>> Hi, >>> >>> Besides the opening in your firewall of the TCP portnumber 15000 for >>> your 'trial' VO on the VOMS service machine, that should be it. >>> >>> Provided that both machine have access to the used CA certificate >>> file(s). >>> >>> >>> Oscar >>> >>> >>> arpit jain wrote: >>> >>> Hiii >>> >>> Can anyone suggest how to get VOMS-Credentials using >>> "voms-proxy-init" from a VOMS Server running on a remote machine? >>> I want to know the options and changes in client machine which I >>> need to make when running "voms-proxy-init" from a remote client >>> machine. >>> >>> >>> Thanks >>> Arpit >>> >>> >>> >>> >> >
