Users certificate errors

From Begrid Wiki
Revision as of 09:14, 9 June 2021 by Maintenance script (talk | contribs) (Created page with " == Common errors == ==== sslv3_alert_bad_certificate ==== <pre> Connection failed: SSL_ERROR_SSL error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expi...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search

Common errors

sslv3_alert_bad_certificate

Connection failed: SSL_ERROR_SSL
error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired
SSL connect failed in tcp_connect()
Error code: SOAP-ENV:Client

= Diagnosis

This exact error message typically occurs when a proxy is generated on a glite 3.1 UI. These proxies are incompatible with glite 3.0 RB's due to differences in Globus versions:

  • The glite 3.1 UI is based on VDT 1.6+ which in turn is based on GT4. The default proxies generated by GT4 are 'gt4 pre-rfc' proxies as can be seen here:
o	[abulanza@gridy11 ~]$ grid-proxy-info
o	subject  : /C=BE/O=BEGRID/OU=IIHE/OU=ULB-VUB/CN=Antal Bulanza/CN=1360011799
o	issuer   : /C=BE/O=BEGRID/OU=IIHE/OU=ULB-VUB/CN=Antal Bulanza
o	identity : /C=BE/O=BEGRID/OU=IIHE/OU=ULB-VUB/CN=Antal Bulanza
o	type     : Proxy draft (pre-RFC) compliant impersonation proxy
o	strength : 512 bits
o	path     : /tmp/x509up_u19694
o	timeleft : 11:59:54
  • The glite 3.0 RB is based on VDT 1.2.4 which is turn is based on GT2.4. It only accepts old style proxies.
  • Solution

You should be using voms-proxy-init 

 
voms-proxy-init --voms your_vo_name

but should also be able to get away with a 

 grid-proxy-init -old

on the UI.

More info here: http://goc.grid.sinica.edu.tw/gocwiki/sslv3_alert_bad_certificate

User unknown to this VO

[usename@gridy11 ~]$ voms-proxy-init -voms betest Cannot find file or 
 dir: /home/username/.glite/vomses Enter GRID pass phrase:
 Your identity: /C=BE/O=BEGRID/OU=YourDpt/OU=YourOrg/CN=USer Name Creating 
 temporary proxy .................................................... 
 Do ne Contacting  bdii.iihe.ac.be:18003 
 [/C=BE/O=BEGRID/OU=ULB-VUB/OU=IIHE/CN=bdii.iih
 e.ac.be] "betest" Failed

 Error: betest: User unknown to this VO.

 Trying next server for betest.
 Creating temporary proxy ................................... Done 
 Contacting  voms.begrid.be:18003 
 [/C=BE/O=BEGRID/OU=BEgrid/OU=BELNET/CN=voms.begrid.be] "betest" Failed

 Error: betest: User unknown to this VO.
  • Solution:

You might be using a different/wrong certificate. Please check that the certificate is the one valid in the BEgrid servers (VOMS, BDii)

Please request a new membership to the betest VO with your "new" certificate: https://voms.begrid.be:8443/voms/betest/webui/request/user/create (and make sure you have imported your current certificate on your browser before). In the future, make sure to keep the same DN when renewing certificates.

Bad_credentials

lfc-ls /grid/betest/
send2nsd: NS002 - send error : No valid credential found
/grid/betest/: Bad credentials
  • Solution

Check that you have a valid proxy.

Back to Troubleshooting


Template:TracNotice

Retrieved from "https://wiki.begrid.be/index.php?title=Users_certificate_errors&oldid=135"