[GE users] csp problem

Co Thai Ngo cngo at nmsu.edu
Wed Oct 6 21:03:04 BST 2004


    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "ISO-8859-10" character set.  ]
    [ Some special characters may be displayed incorrectly. ]

Andre, 
 
Here are the output of openssl: 
 
acacia# /usr/bin/openssl version 
OpenSSL 0.9.6g 9 Aug 2002 
 
acacia# /usr/pkg/sge/utilbin/nbsd-i386/openssl version 
OpenSSL 0.9.6m 17 Mar 2004 
 
Thank you, 
 
Co 
 
Quoting Andre Alefeld <Andre.Alefeld at Sun.COM>: 
 
> Hi, 
>  
> can you send me the output of: 
>  
> $SGE_ROOT/utilbin/<arch>/openssl version 
>  
> and 
>  
> /usr/bin/openssl version 
>  
> As I mentioned already there had been a change during 5.3 patch releases, 
> where uniqueIdentifier had been replaced with userId. If the wrong openssl 
> binary is called accidentally by the sge_ca script it cannot work 
> correctly. 
>  
> Andre 
>  
> Co Thai Ngo wrote: 
> > Andre,  
> >   
> > I've tried both install_qmaster -csp and sge_ca -init on the master node as 
>  
> > described in the webpage you mentioned. Anh both of them gave the same 
> output:  
> >   
> > ---------------  
> >   
> > Initializing Certificate Authority (CA) for OpenSSL security framework  
> > ----------------------------------------------------------------------  
> >   
> >   
> > Creating CA certificate and private key  
> > ---------------------------------------  
> > Please give some basic parameters to create the distinguished name (DN)  
> >   
> > You selected the following basic data for the distinguished name of  
> > your certificates:  
> >   
> > Country code:         C=US  
> > State:                ST=NM  
> > Location:             L=LC  
> > Organization:         O=NMSU  
> > Organizational unit:  OU=Biology  
> > CA email address:     emailAddress=cngo at nmsu.edu  
> >   
> > Do you want to use these data (y/n) [y] >> y  
> >   
> > Creating RANDFILE in >/var/sgeCA/sge_commd/default/private/rand.seed<  
> > Creating CA certificate and private key  
> > Using configuration from /tmp/sge_ca121018.tmp  
> > Generating a 1024 bit RSA private key  
> > ....................++++++  
> > ...............++++++  
> > writing new private key to '/var/sgeCA/sge_commd/default/private/cakey.pem' 
>  
> > -----  
> > problems making Certificate Request  
> > 11222:error:0B083077:x509 certificate  
> > routines:X509_NAME_ENTRY_create_by_txt:invalid field nam                    
>                            
> > e:x509name.c:285:name=userId  
> >   
> > Command failed: /usr/pkg/sge/utilbin/nbsd-i386/openssl req -md5 -nodes 
> -config  
> > /tmp/sge_ca1210                                              18.tmp -new 
> -x509  
> > -keyout /var/sgeCA/sge_commd/default/private/cakey.pem -out 
> /usr/pkg/sge/def                                               
> > ault/common/sgeCA/cacert.pem  
> >   
> > Probably a permission problem. Please check file access permissions.  
> > Check root read/write permission. Check if SGE daemons are running.  
> >   
> > ---------------  
> >   
> > Here is the files created by sgeCA:  
> >   
> > ---------  
> >   
> > acacia# pwd  
> > /usr/pkg/sge/default/common/sgeCA  
> > acacia# ll  
> > total 5  
> > drwxr-xr-x  2 sgeadmin  sgeadmin  512 Oct  6 09:14 certs  
> > drwxr-xr-x  2 sgeadmin  sgeadmin  512 Oct  6 09:14 crl  
> > -rw-r--r--  1 sgeadmin  sgeadmin   34 Oct  6 09:15 dn.info  
> > -rw-r--r--  1 sgeadmin  sgeadmin    0 Oct  6 09:14 index.txt  
> > drwxr-xr-x  2 sgeadmin  sgeadmin  512 Oct  6 09:14 newcerts  
> > -rw-r--r--  1 sgeadmin  sgeadmin    3 Oct  6 09:14 serial  
> > acacia#  
> >   
> > acacia# pwd  
> > /var/sgeCA/sge_commd/default/private  
> > acacia# ll  
> > total 2  
> > -rw-------  1 sgeadmin  wheel   887 Oct  6 09:15 cakey.pem  
> > -rw-------  1 sgeadmin  wheel  1024 Oct  6 09:15 rand.seed  
> > acacia#  
> >   
> > --------------  
> >   
> > Thank you,  
> >   
> > Co  
> >   
> > Quoting Andre Alefeld <Andre.Alefeld at Sun.COM>:  
> >   
> >  
> >>Hi,  
> >>  
> >>Can you send me the requested output as well ;)  
> >>The error you get might be related to openssl-0.9.6m. There had been  
> >>an upgrade to openssl-0.9.7x that required a change in the sgeCA/*  
> >>files. There had been renamings of some cert fields between these  
> >>versions.  
> >>Have you tried to follow the descriptions under:  
> >> 
> >  
> > 
> 
http://gridengine.sunsource.net/unbranded-source/browse/%7Echeckout%7E/gridengine/source/security/sec/csp.html 
>  
> >  
> >>  
> >>You can run the cert generation script also standalone.  
> >>  
> >>On master host as root do:  
> >>  
> >>root % cd $SGE_ROOT  
> >>root % source default/common/settings.csh  
> >>root % util/sgeCA/sge_ca -init  
> >>  
> >>Please send me the output of this command. It should use the openssl   
> >>command that is shipped with GE.  
> >>  
> >>Andre  
> >>  
> >>On Tue, 2004-10-05 at 17:05, Co Thai Ngo wrote:  
> >> 
> >>>Hi,   
> >>>   
> >>>The version of openssl that I'm using is openssl-0.9.6m and here is the  
> >> 
> >>output   
> >> 
> >>>of ldd:   
> >>>   
> >>>------------   
> >>>acacia: {9} ldd openssl   
> >>>openssl:   
> >>>         -lc.12 => /usr/lib/libc.so.12   
> >>>         -lcrypto.300 => /usr/pkg/lib/libcrypto.so.300   
> >>>         -lssl.300 => /usr/pkg/lib/libssl.so.300   
> >>>acacia: {10}   
> >>>--------------   
> >>>   
> >>>Thank you very much for your help,   
> >>>   
> >>>Co   
> >>>   
> >>>Quoting Andre Alefeld <Andre.Alefeld at Sun.COM>:   
> >>>   
> >>> 
> >>>>Hi,   
> >>>>   
> >>>>is it possible that a wrong openssl library is used ?   
> >>>>Can you do a ldd $SGE_ROOT/utilbin/<arch>/openssl and   
> >>>>$SGE_ROOT/utilbin/<arch>/openssl version   
> >>>>and send me the output ?   
> >>>>   
> >>>>Andre   
> >>>>   
> >>>>Co Thai Ngo wrote:   
> >>>> 
> >>>>>Yes, I'm using the SGE 5.3 package for NetBSD. When I run  
> >> 
> >>install_qmaster   
> >> 
> >>>>   
> >>>> 
> >>>>>without csp option, I've got no problem. The problem comes when I run  
>  
> >> 
> >>  
> >> 
> >>>>>install_qmater with csp.    
> >>>>>Thank you,    
> >>>>>    
> >>>>>Co     
> >>>>>     
> >>>>>Quoting Rayson Ho <raysonho at eseenet.com>:    
> >>>>>    
> >>>>>   
> >>>>> 
> >>>>>>>if you used the Sun pkgadd packages did you make sure to install all  
>  
> >> 
> >>  
> >> 
> >>>>>>>patches as well?    
> >>>>>> 
> >>>>>>  
> >>>>>>   
> >>>>>>He is using the package for NetBSD, not the one for Solaris...    
> >>>>>>   
> >>>>>>  
> >>>>>> 
> >>>>>>>We have both, SGE 5.3 and SGE 6.0 available for download - I     
> >>>>>>>suggest using 6.0 unless there is a specific reason to stay with     
> >>>>>>>5.3.    
> >>>>>> 
> >>>>>>  
> >>>>>>   
> >>>>>>SGE 6.0 isn't ready for *BSD yet :(     
> >>>>>>   
> >>>>>>Rayson    
> >>>>>>   
> >>>>>>   
> >>>>>>  
> >>>>>> 
> >>>>>>>Andy    
> >>>>>> 
> >>>>>>  
> >>>>>>---------------------------------------------------------    
> >>>>>>Get your FREE E-mail account at http://www.eseenet.com !    
> >>>>>>   
> >>>>>>---------------------------------------------------------------------  
>  
> >> 
> >>  
> >> 
> >>>>>>To unsubscribe, e-mail: users-unsubscribe at gridengine.sunsource.net    
> >>>>>>For additional commands, e-mail: users-help at gridengine.sunsource.net  
>  
> >> 
> >>  
> >> 
> >>>>>>   
> >>>>>>   
> >>>>> 
> >>>>>   
> >>>>>    
> >>>>>    
> >>>>>--     
> >>>>>Co Thai Ngo     
> >>>>>Dept. of Biology      
> >>>>>New Mexico State University      
> >>>>>   
> >>>>>---------------------------------------------------------------------  
> >> 
> >>  
> >> 
> >>>>>To unsubscribe, e-mail: users-unsubscribe at gridengine.sunsource.net   
> >>>>>For additional commands, e-mail: users-help at gridengine.sunsource.net   
> >>>>>   
> >>>> 
> >>>>   
> >>>>--    
> >>>>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
>  
> >> 
> >>-   
> >> 
> >>>>Andre Alefeld                Phone: ++49 (0)941 3075-255   
> >>>>Software Engineering         Fax:   ++49 (0)941 3075-222   
> >>>>Sun Microsystems GmbH   
> >>>>Dr.-Leo-Ritter-Str. 7	     mailto: andre.alefeld at sun.com   
> >>>>D-93049 Regensburg           http://www.sun.com/grid  
> >>>>   
> >>>>   
> >>>>---------------------------------------------------------------------   
> >>>>To unsubscribe, e-mail: users-unsubscribe at gridengine.sunsource.net   
> >>>>For additional commands, e-mail: users-help at gridengine.sunsource.net   
> >>>>   
> >>>>   
> >>> 
> >>>  
> >>>---------------------------------------------------------------------  
> >>>To unsubscribe, e-mail: users-unsubscribe at gridengine.sunsource.net  
> >>>For additional commands, e-mail: users-help at gridengine.sunsource.net  
> >>>  
> >> 
> >>  
> >>  
> >>---------------------------------------------------------------------  
> >>To unsubscribe, e-mail: users-unsubscribe at gridengine.sunsource.net  
> >>For additional commands, e-mail: users-help at gridengine.sunsource.net  
> >>  
> >>  
> >  
> >   
> >   
> >  
> > --------------------------------------------------------------------- 
> > To unsubscribe, e-mail: users-unsubscribe at gridengine.sunsource.net 
> > For additional commands, e-mail: users-help at gridengine.sunsource.net 
> >  
>  
> --  
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
> Andre Alefeld                Phone: ++49 (0)941 3075-255 
> Software Engineering         Fax:   ++49 (0)941 3075-222 
> Sun Microsystems GmbH 
> Dr.-Leo-Ritter-Str. 7	     mailto: andre.alefeld at sun.com 
> D-93049 Regensburg           http://www.sun.com/grid 
>  
>  
> --------------------------------------------------------------------- 
> To unsubscribe, e-mail: users-unsubscribe at gridengine.sunsource.net 
> For additional commands, e-mail: users-help at gridengine.sunsource.net 
>  
>  

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe at gridengine.sunsource.net
For additional commands, e-mail: users-help at gridengine.sunsource.net




More information about the gridengine-users mailing list