New certificate for globus fails | ashoka | 2011-09-29 15:37 |
Status: Closed | ||
Hey Brian, Both hostcert.pem and containercert.pem passed the test and displayed the messages like "hostcert.pem: OK". Running openssl s_client -connect medusa.tgen.org:8443 returns: CONNECTED(00000003) depth=0 /O=Grid/OU=GlobusTest/OU=simpleCA-medusa.tgen.org/CN=host/medusa.tgen.org verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 /O=Grid/OU=GlobusTest/OU=simpleCA-medusa.tgen.org/CN=host/medusa.tgen.org verify error:num=27:certificate not trusted verify return:1 depth=0 /O=Grid/OU=GlobusTest/OU=simpleCA-medusa.tgen.org/CN=host/medusa.tgen.org verify error:num=21:unable to verify the first certificate verify return:1 --- Certificate chain 0 s:/O=Grid/OU=GlobusTest/OU=simpleCA-medusa.tgen.org/CN=host/medusa.tgen.org i:/O=Grid/OU=GlobusTest/OU=simpleCA-medusa.tgen.org/CN=Globus Simple CA --- Server certificate -----BEGIN CERTIFICATE----- MIICUzCCAbygAwIBAgIBATANBgkqhkiG9w0BAQQFADBiMQ0wCwYDVQQKEwRHcmlk MRMwEQYDVQQLEwpHbG9idXNUZXN0MSEwHwYDVQQLExhzaW1wbGVDQS1tZWR1c2Eu dGdlbi5vcmcxGTAXBgNVBAMTEEdsb2J1cyBTaW1wbGUgQ0EwHhcNMTEwOTI5MjIw NzE5WhcNMTIwOTI4MjIwNzE5WjBmMQ0wCwYDVQQKEwRHcmlkMRMwEQYDVQQLEwpH bG9idXNUZXN0MSEwHwYDVQQLExhzaW1wbGVDQS1tZWR1c2EudGdlbi5vcmcxHTAb BgNVBAMTFGhvc3QvbWVkdXNhLnRnZW4ub3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GN ADCBiQKBgQDriVfoRA7z8MxQ3FinxVr9FXQSItAvi791PtQROUQu7KHnkaLc2dvr veQeweQTRBvo7ZurTECgJY62XwYla+8oUFy0UxUJBMyTRYNnN1xacoSuQd+yfRMu 6qFtJj+5aWlFZUsYuWQSo0isFzTGcFs3ARC5VawjoUCJaVv9LLv7VQIDAQABoxUw EzARBglghkgBhvhCAQEEBAMCBPAwDQYJKoZIhvcNAQEEBQADgYEAVomYIE5owLdw StAYFZfp3QOGPGgBy11qhx6UQvx5rwSyKtxwP/Ljw7LfqCmk9XwYfz5VJO5A9dMz 0c92SwOD+ZiqT4J8vT9Zs3ZPQ7CidcaIORvx43BUbj/0VG+jipBIC/vjfWjlgRLb LhCiOmZ8+EtWH0xKTdoD+MO6jfzClkw= -----END CERTIFICATE----- subject=/O=Grid/OU=GlobusTest/OU=simpleCA-medusa.tgen.org/CN=host/medusa.tgen.org issuer=/O=Grid/OU=GlobusTest/OU=simpleCA-medusa.tgen.org/CN=Globus Simple CA --- Acceptable client certificate CA names /O=Grid/OU=GlobusTest/OU=simpleCA-medusa.tgen.org/CN=Globus Simple CA --- SSL handshake has read 893 bytes and written 337 bytes --- New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA Server public key is 1024 bit Compression: NONE Expansion: NONE SSL-Session: Protocol : SSLv3 Cipher : DES-CBC3-SHA Session-ID: 8F3B2D96FF92BB1D041970598CF28B5635A8B9098FACA9D3B8C1E3DE6CC1235B Session-ID-ctx: Master-Key: A025B7752A5AA1478004CDCF9D081EAC9AFAFC6E32F95642B4898524BA2542D57B29452B6F072D7C8D9725AA530B061A Key-Arg : None Krb5 Principal: None Start Time: 1317335367 Timeout : 300 (sec) Verify return code: 21 (unable to verify the first certificate) --- Running openssl x509 -in /etc/grid-security/hostcert.pem -text -noout returns: Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: md5WithRSAEncryption Issuer: O=Grid, OU=GlobusTest, OU=simpleCA-medusa.tgen.org, CN=Globus Simple CA Validity Not Before: Sep 29 22:07:19 2011 GMT Not After : Sep 28 22:07:19 2012 GMT Subject: O=Grid, OU=GlobusTest, OU=simpleCA-medusa.tgen.org, CN=host/medusa.tgen.org Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:eb:89:57:e8:44:0e:f3:f0:cc:50:dc:58:a7:c5: 5a:fd:15:74:12:22:d0:2f:8b:bf:75:3e:d4:11:39: 44:2e:ec:a1:e7:91:a2:dc:d9:db:eb:bd:e4:1e:c1: e4:13:44:1b:e8:ed:9b:ab:4c:40:a0:25:8e:b6:5f: 06:25:6b:ef:28:50:5c:b4:53:15:09:04:cc:93:45: 83:67:37:5c:5a:72:84:ae:41:df:b2:7d:13:2e:ea: a1:6d:26:3f:b9:69:69:45:65:4b:18:b9:64:12:a3: 48:ac:17:34:c6:70:5b:37:01:10:b9:55:ac:23:a1: 40:89:69:5b:fd:2c:bb:fb:55 Exponent: 65537 (0x10001) X509v3 extensions: Netscape Cert Type: SSL Client, SSL Server, S/MIME, Object Signing Signature Algorithm: md5WithRSAEncryption 56:89:98:20:4e:68:c0:b7:70:4a:d0:18:15:97:e9:dd:03:86: 3c:68:01:cb:5d:6a:87:1e:94:42:fc:79:af:04:b2:2a:dc:70: 3f:f2:e3:c3:b2:df:a8:29:a4:f5:7c:18:7f:3e:55:24:ee:40: f5:d3:33:d1:cf:76:4b:03:83:f9:98:aa:4f:82:7c:bd:3f:59: b3:76:4f:43:b0:a2:75:c6:88:39:1b:f1:e3:70:54:6e:3f:f4: 54:6f:a3:8a:90:48:0b:fb:e3:7d:68:e5:81:12:db:2e:10:a2: 3a:66:7c:f8:4b:56:1f:4c:4a:4d:da:03:f8:c3:ba:8d:fc:c2: 96:4c Any ideas how to compare? -Ashoka |
||