SSL Error on running BES++

**nopparat** · September 1st, 2009 02:05 PM

Hi,

I'm working on creating BES++ support for LAVA scheduler by adapting LSF module. Right now i'm testing it by running besserver and besclient but there's error when i tried to connect them.

Client:

[root@lava-i386 ~]# /root/bespp/besclient/besclient -u root -p "password" -e /root/bespp/endpoint.xml -c /root/certs/ create /root/bespp/besclient/sleep.jsdl
SSL verify error or warning with certificate at depth 0: self signed certificate
certificate issuer /C=TH/ST=Bangkok/L=Kasetsart/O=HPCNC/CN=lava
certificate subject /C=TH/ST=Bangkok/L=Kasetsart/O=HPCNC/CN=lava
SOAP 1.1 fault: SOAP-ENV:Client [no subcode]
"SSL_ERROR_SSL
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed"
Detail: [no detail]

Server:

[root@lava-i386 besclient]# /root/bespp/besserver/besserver -u root -s /root/host.pem -c /root/certs -p 11111 -e https://localhost:11111
Enter PEM pass phrase:
Socket connection successful: 4
Tue Sep 1 20:00:00 2009
Accepted connection
SOAP 1.1 fault: SOAP-ENV:Server [no subcode]
"SSL_ERROR_SSL
error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca"
Detail: [no detail]

Is it because I used the self-signed certificate from my server? If it isn't, could you guide me how to test/run BES++ on server?

Thanks

**csmith** · September 3rd, 2009 10:13 PM

The OpenSSL layer is quite sensitive to having the certificate chain and everything set up properly. In this case it's telling you that it doesn't recognize your host certificate as trusted based on the files in the client's 'certs' directory.

Try creating the hash link to your host's self-signed certificate in the /root/certs directory. You need to do something like:

cd /root/certs
cp /root/host.pem .
ln -s host.pem `openssl x509 -noout -hash -in host.pem`.0

This will create the hash link to your host's certificate and should make it "trusted" by the SSL client.

**nopparat** · September 4th, 2009 09:18 AM

Thank you very much for your advice. Now i can run BES++ well on my LAVA cluster. Now i'm think we're ready to commit Lava patch on BES++. How do you like us to send our patch to your repository?

**csmith** · September 4th, 2009 10:03 PM

Great! Do you mind if I review a diff of the code changes? I'll provide you my email address in a personal message. After that, either I can check it in for you, or if you have a sourceforge account I can give you the right to check in code changes.

**nopparat** · September 7th, 2009 06:41 AM

OK. The patch was sent. Please feel free to do anything with the code.

Glad to contribute and work with your team

**csmith** · September 9th, 2009 05:13 PM

Thank you very much! I'll update the code repository as soon as I can.

**csmith** · September 11th, 2009 05:47 PM

I've checked the lava support into the BES++ SVN trunk now.

Thanks again!

Thread: SSL Error on running BES++

LinkBack

Thread Tools

Search Thread

Display

SSL Error on running BES++

Posting Permissions