New certificate for globus fails

LabKey Support Forum
ashoka  2011-09-29 15:37
Status: Closed
 
Hey Brian,
Both hostcert.pem and containercert.pem passed the test and displayed the messages like "hostcert.pem: OK".

Running openssl s_client -connect medusa.tgen.org:8443 returns:
CONNECTED(00000003)
depth=0 /O=Grid/OU=GlobusTest/OU=simpleCA-medusa.tgen.org/CN=host/medusa.tgen.org
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /O=Grid/OU=GlobusTest/OU=simpleCA-medusa.tgen.org/CN=host/medusa.tgen.org
verify error:num=27:certificate not trusted
verify return:1
depth=0 /O=Grid/OU=GlobusTest/OU=simpleCA-medusa.tgen.org/CN=host/medusa.tgen.org
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/O=Grid/OU=GlobusTest/OU=simpleCA-medusa.tgen.org/CN=host/medusa.tgen.org
   i:/O=Grid/OU=GlobusTest/OU=simpleCA-medusa.tgen.org/CN=Globus Simple CA
---
Server certificate
subject=/O=Grid/OU=GlobusTest/OU=simpleCA-medusa.tgen.org/CN=host/medusa.tgen.org
issuer=/O=Grid/OU=GlobusTest/OU=simpleCA-medusa.tgen.org/CN=Globus Simple CA
---
Acceptable client certificate CA names
/O=Grid/OU=GlobusTest/OU=simpleCA-medusa.tgen.org/CN=Globus Simple CA
---
SSL handshake has read 893 bytes and written 337 bytes
---
New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol : SSLv3
    Cipher : DES-CBC3-SHA
    Session-ID: 8F3B2D96FF92BB1D041970598CF28B5635A8B9098FACA9D3B8C1E3DE6CC1235B
    Session-ID-ctx:
    Master-Key: A025B7752A5AA1478004CDCF9D081EAC9AFAFC6E32F95642B4898524BA2542D57B29452B6F072D7C8D9725AA530B061A
    Key-Arg : None
    Krb5 Principal: None
    Start Time: 1317335367
    Timeout : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---

Running openssl x509 -in /etc/grid-security/hostcert.pem -text -noout returns:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: O=Grid, OU=GlobusTest, OU=simpleCA-medusa.tgen.org, CN=Globus Simple CA
        Validity
            Not Before: Sep 29 22:07:19 2011 GMT
            Not After : Sep 28 22:07:19 2012 GMT
        Subject: O=Grid, OU=GlobusTest, OU=simpleCA-medusa.tgen.org, CN=host/medusa.tgen.org
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            Netscape Cert Type:
                SSL Client, SSL Server, S/MIME, Object Signing
    Signature Algorithm: md5WithRSAEncryption

Any ideas how to compare?
-Ashoka
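
The output in this post mixes two separate things: a trust-path failure (verify errors 20, 27 and 21) and dated cryptographic parameters. As an added example (not part of the original post and not LabKey or Globus code), the Python function below separates the two. The sample lines are copied from the post; the name `triage`, the `CHECKS` table and its thresholds are assumptions of this example.

```python
import re

# Lines copied (trimmed) from the s_client and x509 output in the post above.
SAMPLE = """\
verify error:num=20:unable to get local issuer certificate
verify error:num=27:certificate not trusted
verify error:num=21:unable to verify the first certificate
Certificate chain
 0 s:/O=Grid/OU=GlobusTest/OU=simpleCA-medusa.tgen.org/CN=host/medusa.tgen.org
   i:/O=Grid/OU=GlobusTest/OU=simpleCA-medusa.tgen.org/CN=Globus Simple CA
Server public key is 1024 bit
    Protocol : SSLv3
    Cipher : DES-CBC3-SHA
        Signature Algorithm: md5WithRSAEncryption
"""

# (label, regex extracting the value, weak-test); thresholds are this example's choices.
CHECKS = [
    ("key", r"Server public key is (\d+) bit", lambda v: int(v) < 2048),
    ("protocol", r"Protocol\s*:\s*(\S+)", lambda v: v in {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}),
    ("cipher", r"^\s*Cipher\s*:\s*(\S+)", lambda v: re.search(r"DES|RC4|NULL|EXP|MD5", v)),
    ("sigalg", r"Signature Algorithm:\s*(\S+)", lambda v: re.match(r"md[245]|sha1", v, re.I)),
]


def triage(text):
    """Split s_client/x509 output into trust-path findings and weak parameters."""
    codes = sorted({int(n) for n in re.findall(r"verify error:num=(\d+):", text)})
    chain = re.findall(r"^[ \t]*\d+ s:(.+)\n[ \t]+i:(.+)$", text, re.M)
    missing_issuer = None
    if chain and {20, 21} & set(codes):
        subject, issuer = chain[-1]
        # The top certificate the server sent is not self-signed, so its issuer
        # must come from the client's own trust store (-CAfile / -CApath).
        if subject != issuer:
            missing_issuer = issuer
    weak = []
    for label, pattern, is_weak in CHECKS:
        m = re.search(pattern, text, re.M)
        if m and is_weak(m.group(1)):
            weak.append(f"{label}:{m.group(1)}")
    return {"verify_codes": codes, "missing_issuer": missing_issuer, "weak": weak}


if __name__ == "__main__":
    print(triage(SAMPLE))
```

When `missing_issuer` is set, passing that CA's certificate to `openssl s_client` with `-CAfile` lets the client build the chain; the entries in `weak` are independent of that trust question.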