[gridshib-user] Problem with GridShibCA 0.6.0
vwelch at uiuc.edu
Tue Mar 25 17:18:53 CDT 2008
Are you sure the GS-CA certificate is installed in
/etc/grid-security/certificates (and has the right permissions)?
Tom Scavo wrote:
> Well, I just did a fresh install of ws-core-4.0.5 and tried again.
> Same error. (I'm just following the Quick Start.)
> On Tue, Mar 25, 2008 at 5:34 PM, Von Welch <vwelch at uiuc.edu> wrote:
>> So this doesn't happen if you use a container that doesn't have
>> GS4GT installed?
>> Tom Scavo wrote:
>> > On Tue, Mar 25, 2008 at 1:31 PM, Giulio Galiero <giulio.galiero at eng.it> wrote:
>> >> Contacting the SecurityContextEchoService through your gridshibecho client
>> >> results in the following error from the container logs:
>> >> ERROR container.GSIServiceThread [ServiceThread-3,process:147] Error
>> >> processing request
>> >> Authentication failed. Caused by Failure unspecified at GSS-API level.
>> >> Caused by COM.claymoresystems.ptls.SSLThrewAlertException: Bad certificate
>> >> (The signature of 'DC=edu,DC=uiuc,DC=ncsa,DC=computer,O=Shibboleth
>> >> User,OU=https://idp.protectnetwork.org/protectnetwork-idp,CNfirstname.lastname@example.org'
>> >> certificate does not match its issuer)
>> > I can replicate this error. When I try to start a secure container
>> > using a GridShib CA-issued EEC, I get the following:
>> > 2008-03-25 14:46:47,837 ERROR container.GSIServiceThread
>> > [ServiceThread-1,process:141] Error processing request
>> > java.io.EOFException
>> > at org.globus.gsi.gssapi.net.impl.GSIGssInputStream.readHandshakeToken(GSIGssInputStream.java:56)
>> > at org.globus.gsi.gssapi.net.impl.GSIGssSocket.readToken(GSIGssSocket.java:60)
>> > at org.globus.gsi.gssapi.net.GssSocket.authenticateServer(GssSocket.java:122)
>> > at org.globus.gsi.gssapi.net.GssSocket.startHandshake(GssSocket.java:142)
>> > at org.globus.gsi.gssapi.net.GssSocket.getOutputStream(GssSocket.java:161)
>> > at org.globus.wsrf.container.GSIServiceThread.process(GSIServiceThread.java:98)
>> > at org.globus.wsrf.container.ServiceThread.run(ServiceThread.java:291)
>> > Failed to obtain a list of services from
>> > 'https://192.168.1.106:8443/wsrf/services/ContainerRegistryService'
>> > service: ; nested exception is:
>> > org.globus.common.ChainedIOException: Authentication failed [Caused by:
>> > Failure unspecified at GSS-API level [Caused by: Bad certificate (The
>> > signature of 'DC=edu,DC=uiuc,DC=ncsa,DC=computer,O=Shibboleth
>> > User,OU=https://idp.protectnetwork.org/protectnetwork-idp,CNemail@example.com'
>> > certificate does not match its issuer)]]
>> > We had some problems with the GridShib CA cert since GS4GT v0.6.0
>> > Alpha was released, so I'm trying to think how that might be related.
>> > Tom
More information about the gridshib-user