[GE users] csp problem

Co Thai Ngo cngo at nmsu.edu
Wed Oct 6 16:20:42 BST 2004



Andre, 
 
I've tried both install_qmaster -csp and sge_ca -init on the master node as 
described in the webpage you mentioned. And both of them gave the same output: 
 
--------------- 
 
Initializing Certificate Authority (CA) for OpenSSL security framework 
---------------------------------------------------------------------- 
 
 
Creating CA certificate and private key 
--------------------------------------- 
Please give some basic parameters to create the distinguished name (DN) 
 
You selected the following basic data for the distinguished name of 
your certificates: 
 
Country code:         C=US 
State:                ST=NM 
Location:             L=LC 
Organization:         O=NMSU 
Organizational unit:  OU=Biology 
CA email address:     emailAddress=cngo at nmsu.edu 
 
Do you want to use these data (y/n) [y] >> y 
 
Creating RANDFILE in >/var/sgeCA/sge_commd/default/private/rand.seed< 
Creating CA certificate and private key 
Using configuration from /tmp/sge_ca121018.tmp 
Generating a 1024 bit RSA private key 
....................++++++ 
...............++++++ 
writing new private key to '/var/sgeCA/sge_commd/default/private/cakey.pem' 
----- 
problems making Certificate Request 
11222:error:0B083077:x509 certificate routines:X509_NAME_ENTRY_create_by_txt:invalid field name:x509name.c:285:name=userId
 
Command failed: /usr/pkg/sge/utilbin/nbsd-i386/openssl req -md5 -nodes -config /tmp/sge_ca121018.tmp -new -x509 -keyout /var/sgeCA/sge_commd/default/private/cakey.pem -out /usr/pkg/sge/default/common/sgeCA/cacert.pem
 
Probably a permission problem. Please check file access permissions. 
Check root read/write permission. Check if SGE daemons are running. 
 
--------------- 
 
Here are the files created by sgeCA: 
 
--------- 
 
acacia# pwd 
/usr/pkg/sge/default/common/sgeCA 
acacia# ll 
total 5 
drwxr-xr-x  2 sgeadmin  sgeadmin  512 Oct  6 09:14 certs 
drwxr-xr-x  2 sgeadmin  sgeadmin  512 Oct  6 09:14 crl 
-rw-r--r--  1 sgeadmin  sgeadmin   34 Oct  6 09:15 dn.info 
-rw-r--r--  1 sgeadmin  sgeadmin    0 Oct  6 09:14 index.txt 
drwxr-xr-x  2 sgeadmin  sgeadmin  512 Oct  6 09:14 newcerts 
-rw-r--r--  1 sgeadmin  sgeadmin    3 Oct  6 09:14 serial 
acacia# 
 
acacia# pwd 
/var/sgeCA/sge_commd/default/private 
acacia# ll 
total 2 
-rw-------  1 sgeadmin  wheel   887 Oct  6 09:15 cakey.pem 
-rw-------  1 sgeadmin  wheel  1024 Oct  6 09:15 rand.seed 
acacia# 
 
-------------- 
 
Thank you, 
 
Co 
 
Quoting Andre Alefeld <Andre.Alefeld at Sun.COM>: 
 
> Hi, 
>  
> Can you send me the requested output as well ;) 
> The error you get might be related to openssl-0.9.6m. There had been 
> an upgrade to openssl-0.9.7x that required a change in the sgeCA/* 
> files. There had been renamings of some cert fields between these 
> versions. 
> Have you tried to follow the descriptions under: 
> http://gridengine.sunsource.net/unbranded-source/browse/%7Echeckout%7E/gridengine/source/security/sec/csp.html
>  
> You can run the cert generation script also standalone. 
>  
> On master host as root do: 
>  
> root % cd $SGE_ROOT 
> root % source default/common/settings.csh 
> root % util/sgeCA/sge_ca -init 
>  
> Please send me the output of this command. It should use the openssl  
> command that is shipped with GE. 
>  
> Andre 
>  
> On Tue, 2004-10-05 at 17:05, Co Thai Ngo wrote: 
> > Hi,  
> >   
> > The version of openssl that I'm using is openssl-0.9.6m and here is the output
> > of ldd:
> >   
> > ------------  
> > acacia: {9} ldd openssl  
> > openssl:  
> >          -lc.12 => /usr/lib/libc.so.12  
> >          -lcrypto.300 => /usr/pkg/lib/libcrypto.so.300  
> >          -lssl.300 => /usr/pkg/lib/libssl.so.300  
> > acacia: {10}  
> > --------------  
> >   
> > Thank you very much for your help,  
> >   
> > Co  
> >   
> > Quoting Andre Alefeld <Andre.Alefeld at Sun.COM>:  
> >   
> > > Hi,  
> > >   
> > > is it possible that a wrong openssl library is used ?  
> > > Can you do a ldd $SGE_ROOT/utilbin/<arch>/openssl and  
> > > $SGE_ROOT/utilbin/<arch>/openssl version  
> > > and send me the output ?  
> > >   
> > > Andre  
> > >   
> > > Co Thai Ngo wrote:  
> > > > Yes, I'm using the SGE 5.3 package for NetBSD. When I run install_qmaster
> > > > without csp option, I've got no problem. The problem comes when I run
> > > > install_qmaster with csp.
> > > > Thank you,   
> > > >    
> > > > Co    
> > > >     
> > > > Quoting Rayson Ho <raysonho at eseenet.com>:   
> > > >    
> > > >   
> > > >>>if you used the Sun pkgadd packages did you make sure to install all
> > > >>>patches as well?
> > > >>  
> > > >>   
> > > >>He is using the package for NetBSD, not the one for Solaris...   
> > > >>   
> > > >>  
> > > >>>We have both, SGE 5.3 and SGE 6.0 available for download - I    
> > > >>>suggest using 6.0 unless there is a specific reason to stay with    
> > > >>>5.3.   
> > > >>  
> > > >>   
> > > >>SGE 6.0 isn't ready for *BSD yet :(    
> > > >>   
> > > >>Rayson   
> > > >>   
> > > >>   
> > > >>  
> > > >>>Andy   
> > > >>  
> > > >>---------------------------------------------------------------------
> > > >>To unsubscribe, e-mail: users-unsubscribe at gridengine.sunsource.net
> > > >>For additional commands, e-mail: users-help at gridengine.sunsource.net
> > > >>   
> > > >>   
> > > >   
> > > >    
> > > >    
> > > > --    
> > > > Co Thai Ngo    
> > > > Dept. of Biology     
> > > > New Mexico State University     
> > > >   
> > > >   
> > >   
> > > --   
> > > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> > > Andre Alefeld                Phone: ++49 (0)941 3075-255  
> > > Software Engineering         Fax:   ++49 (0)941 3075-222  
> > > Sun Microsystems GmbH  
> > > Dr.-Leo-Ritter-Str. 7	     mailto: andre.alefeld at sun.com  
> > > D-93049 Regensburg           http://www.sun.com/grid 
> > >   
> > >   
> > >   
> > >   
> >  
> >  
>  
>  
>  
>  
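
Added example (not part of the original message, and not Grid Engine or OpenSSL code): a small parser for the OpenSSL error-queue line in the sge_ca output above. It reads the line itself rather than the wrapper's generic "permission problem" hint and reports which distinguished-name field the binary rejected. The function names are hypothetical; the 8/12/12-bit split of the hex code is the packing used by OpenSSL releases of this era.

```python
import re

# Constructed sample: the failing part of the sge_ca output quoted in the
# message, with the mail client's line wraps rejoined.
SAMPLE = """\
problems making Certificate Request
11222:error:0B083077:x509 certificate routines:X509_NAME_ENTRY_create_by_txt:invalid field name:x509name.c:285:name=userId
Probably a permission problem. Please check file access permissions.
"""

# Layout: pid:error:<8 hex digits>:<library>:<function>:<reason>:<file>:<line>:<data>
ERR_LINE = re.compile(
    r"^(?P<pid>\d+):error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):"
    r"(?P<func>[^:]*):(?P<reason>[^:]*):(?P<file>[^:]*):(?P<line>\d+):(?P<data>.*)$"
)


def parse_openssl_errors(text):
    """Return one dict per OpenSSL error-queue line found in text."""
    records = []
    for raw in text.splitlines():
        m = ERR_LINE.match(raw.strip())
        if not m:
            continue  # wrapper messages and progress dots are not error lines
        rec = m.groupdict()
        code = int(rec["code"], 16)
        # Packed code: top 8 bits library, next 12 bits function, low 12 bits reason.
        rec["lib_num"] = (code >> 24) & 0xFF
        rec["func_num"] = (code >> 12) & 0xFFF
        rec["reason_num"] = code & 0xFFF
        rec["line"] = int(rec["line"])
        records.append(rec)
    return records


def rejected_field_names(text):
    """DN field names the openssl binary refused ('invalid field name')."""
    names = []
    for rec in parse_openssl_errors(text):
        if rec["reason"] == "invalid field name" and rec["data"].startswith("name="):
            names.append(rec["data"][len("name="):])
    return names


if __name__ == "__main__":
    for rec in parse_openssl_errors(SAMPLE):
        print(rec["lib"], "/", rec["func"], "/", rec["reason"], "/", rec["data"])
    print("rejected DN fields:", rejected_field_names(SAMPLE))
```

Any field name it reports is the one to look for in the temporary config that sge_ca generates and passes to `openssl req -config`.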
 
 
