perfsonar-user - [perfsonar-user] Re: [perf-node-users] certificate error with the toolkit ?
Subject: perfSONAR User Q&A and Other Discussion
List archive
- From: jim warner <>
- To:
- Cc: Performance Node Users <>,
- Subject: [perfsonar-user] Re: [perf-node-users] certificate error with the toolkit ?
- Date: Thu, 11 Nov 2010 07:39:19 -0800
I tried this; it had no effect. And when I click on the broken padlock (using chrome as the browser), the date on the cert is the date I switched this computer from 3.1.3 to 3.2. So it DID generate a new certificate and that it did this without changing the serial number probably IS the problem. And the two lines you suggested are generating a new certificate but -- somehow -- not putting into place where it will get used. Here are the some of the lines that appear from the 'generate_cert' script:
> /usr/bin/openssl req -utf8 -new -key /etc/pki/tls/private/localhost.key -x509 -days 365 -out >/etc/pki/tls/certs/localhost.crt -set_serial 0
>You are about to be asked to enter information that will be incorporated
>into your certificate request.
>What you are about to enter is what is called a Distinguished Name or a DN.
>There are quite a few fields but you can leave some blank
>For some fields there will be a default value,
>If you enter '.', the field will be left blank.
It appears that the serial number is hard coded in the script.
On 11/10/2010 12:19 PM, Jason Zurawski wrote:
Hi Jim;
On 11/10/10 12:21 PM, jim warner wrote:
When I attempt to authenticate through the browser to admin the toolkit,
Firefox is giving me an error message:
Your certificate contains the same serial number as another
certificate issued by the certificate authority. Please get a new
certificate containing a unique serial number.
(Error code: sec_error_reused_issuer_and_serial)
We are running two instances of Perfsonar on separate computers.
Actually we might
have more than that. Could that have something to do with this message?
These
are liveCDs. I don't think I saw anything in the release notes about
this. This is not
an error that FireFox will allow me to click through. This is release 3.2.
Try this:
1) Remove '/etc/pki/tls/private/localhost.key'
2) Run 'sudo /etc/init.d/generate_cert_init_script start'
When upgrading to 3.2 it should have re-generated this script automatically, but these steps will force that step again.
Thanks;
-jason
- [perfsonar-user] Re: [perf-node-users] certificate error with the toolkit ?, jim warner, 11/11/2010
- Re: [perfsonar-user] Re: [perf-node-users] certificate error with the toolkit ?, Andrew Lake, 11/11/2010
- Message not available
- Re: [perfsonar-user] Re: [perf-node-users] certificate error with the toolkit ?, Andrew Lake, 11/11/2010
- Message not available
- Re: [perfsonar-user] Re: [perf-node-users] certificate error with the toolkit ?, Andrew Lake, 11/11/2010
- Message not available
- Re: [perfsonar-user] Re: [perf-node-users] certificate error with the toolkit ?, Andrew Lake, 11/11/2010
- Message not available
- Re: [perfsonar-user] Re: [perf-node-users] certificate error with the toolkit ?, Andrew Lake, 11/11/2010
Archive powered by MHonArc 2.6.16.