[GE users] csp problem

Ron Chen ron_chen_123 at yahoo.com
Sun Oct 17 05:54:53 BST 2004


So what was the cause of the problem?

Please also cc Dan so that he can fix it in the NetBSD
tree.

 -Ron


--- Co Thai Ngo <cngo at nmsu.edu> wrote:
> Hi Andre, 
>  
> Sorry for late response. I was busy with somethings
> else. I've just tried to 
> change the files as your advice and IT WORKS. Thank
> you very much for your 
> help. 
>  
> Co  
>  
> Quoting Andre Alefeld <Andre.Alefeld at Sun.COM>: 
>  
> > Hi, 
> >  
> > the NetBSD packages seem to contain either the
> wrong openssl version or 
> > the wrong scripts. 
> > To fix you issue you have to edit the following
> three files and replace all 
> > occurences of 
> > userId with uniqueIdentifier: 
> >  
> > $SGE_ROOT/util/sgeCA/sge_ca 
> >  
> > $SGE_ROOT/util/sgeCA/sge_ssl.cnf 
> >  
> > $SGE_ROOT/util/sgeCA/sge_ssl_template.cnf 
> >  
> > Check if everything has been replaced with: 
> > grep userId $SGE_ROOT/util/sgeCA/* 
> >  
> > Then retry the installation. 
> >  
> >  
> > Andre 
> >  
> > Co Thai Ngo wrote: 
> > > Andre,  
> > >   
> > > Here are the output of openssl:  
> > >   
> > > acacia# /usr/bin/openssl version  
> > > OpenSSL 0.9.6g 9 Aug 2002  
> > >   
> > > acacia# /usr/pkg/sge/utilbin/nbsd-i386/openssl
> version  
> > > OpenSSL 0.9.6m 17 Mar 2004  
> > >   
> > > Thank you,  
> > >   
> > > Co  
> > >   
> > > Quoting Andre Alefeld <Andre.Alefeld at Sun.COM>:  
> > >   
> > >  
> > >>Hi,  
> > >>  
> > >>can you send me the output of:  
> > >>  
> > >>$SGE_ROOT/utilbin/<arch>/openssl version  
> > >>  
> > >>and  
> > >>  
> > >>/usr/bin/openssl version  
> > >>  
> > >>As I mentioned already there had been a change
> during 5.3 patch releases, 
> >  
> > >>where uniqueIdentifier had been replaced with
> userId. If the wrong openssl 
> >  
> > >>binary is called accidentally by the sge_ca
> script it cannot work  
> > >>correctly.  
> > >>  
> > >>Andre  
> > >>  
> > >>Co Thai Ngo wrote:  
> > >> 
> > >>>Andre,   
> > >>>   
> > >>>I've tried both install_qmaster -csp and sge_ca
> -init on the master node 
> > as  
> > >> 
> > >>  
> > >> 
> > >>>described in the webpage you mentioned. Anh
> both of them gave the same  
> > >> 
> > >>output:   
> > >> 
> > >>>   
> > >>>---------------   
> > >>>   
> > >>>Initializing Certificate Authority (CA) for
> OpenSSL security framework   
> >
>
>>>----------------------------------------------------------------------
>   
> > >>>   
> > >>>   
> > >>>Creating CA certificate and private key   
> > >>>---------------------------------------   
> > >>>Please give some basic parameters to create the
> distinguished name (DN)  
> >  
> > >>>   
> > >>>You selected the following basic data for the
> distinguished name of   
> > >>>your certificates:   
> > >>>   
> > >>>Country code:         C=US   
> > >>>State:                ST=NM   
> > >>>Location:             L=LC   
> > >>>Organization:         O=NMSU   
> > >>>Organizational unit:  OU=Biology   
> > >>>CA email address:    
> emailAddress=cngo at nmsu.edu   
> > >>>   
> > >>>Do you want to use these data (y/n) [y] >> y   
> > >>>   
> > >>>Creating RANDFILE in
> >/var/sgeCA/sge_commd/default/private/rand.seed<   
> > >>>Creating CA certificate and private key   
> > >>>Using configuration from /tmp/sge_ca121018.tmp 
>  
> > >>>Generating a 1024 bit RSA private key   
> > >>>....................++++++   
> > >>>...............++++++   
> > >>>writing new private key to 
> > '/var/sgeCA/sge_commd/default/private/cakey.pem'  
> > >> 
> > >>  
> > >> 
> > >>>-----   
> > >>>problems making Certificate Request   
> > >>>11222:error:0B083077:x509 certificate   
> > >>>routines:X509_NAME_ENTRY_create_by_txt:invalid
> field nam                   
> >   
> > >> 
> > >>                            
> > >> 
> > >>>e:x509name.c:285:name=userId   
> > >>>   
> > >>>Command failed:
> /usr/pkg/sge/utilbin/nbsd-i386/openssl req -md5
> -nodes  
> > >> 
> > >>-config   
> > >> 
> > >>>/tmp/sge_ca1210                                
>              18.tmp -new 
> >  
> > >> 
> > >>-x509   
> > >> 
> > >>>-keyout
> /var/sgeCA/sge_commd/default/private/cakey.pem -out 
> 
> > >> 
> > >>/usr/pkg/sge/def                                
>                
> > >> 
> > >>>ault/common/sgeCA/cacert.pem   
> > >>>   
> > >>>Probably a permission problem. Please check
> file access permissions.   
> > >>>Check root read/write permission. Check if SGE
> daemons are running.   
> > >>>   
> > >>>---------------   
> > >>>   
> > >>>Here is the files created by sgeCA:   
> > >>>   
> > >>>---------   
> > >>>   
> > >>>acacia# pwd   
> > >>>/usr/pkg/sge/default/common/sgeCA   
> > >>>acacia# ll   
> > >>>total 5   
> > >>>drwxr-xr-x  2 sgeadmin  sgeadmin  512 Oct  6
> 09:14 certs   
> > >>>drwxr-xr-x  2 sgeadmin  sgeadmin  512 Oct  6
> 09:14 crl   
> > >>>-rw-r--r--  1 sgeadmin  sgeadmin   34 Oct  6
> 09:15 dn.info   
> > >>>-rw-r--r--  1 sgeadmin  sgeadmin    0 Oct  6
> 09:14 index.txt   
> > >>>drwxr-xr-x  2 sgeadmin  sgeadmin  512 Oct  6
> 09:14 newcerts   
> > >>>-rw-r--r--  1 sgeadmin  sgeadmin    3 Oct  6
> 09:14 serial   
> > >>>acacia#   
> > >>>   
> > >>>acacia# pwd   
> > >>>/var/sgeCA/sge_commd/default/private   
> > >>>acacia# ll   
> > >>>total 2   
> > >>>-rw-------  1 sgeadmin  wheel   887 Oct  6
> 09:15 
=== message truncated ===



		
__________________________________
Do you Yahoo!?
Yahoo! Mail Address AutoComplete - You start. We finish.
http://promotions.yahoo.com/new_mail 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe at gridengine.sunsource.net
For additional commands, e-mail: users-help at gridengine.sunsource.net




More information about the gridengine-users mailing list