Menu
▾
▴
[Unity-idm-discuss] issue with certificates after updating unity from 2.4.2 to 2.8.2
|
From: Sander A. <sa....@fz...> - 2019-12-12 12:04:49
|
Dear Krzysztof,
I updated unity from 2.4.2 to 2.8.2. I know that this version is old
too. But we are not ready to update to unity 3.
After the update I have an issue with certificates.
If you select a grid certificate for authentication, it is rejected and
you get a "Secure Connection Failed" error with "SSL peer had some
unspecified issue with the certificate it received." It seems that
unity does not like the Grid cert infrastructure any more. When I use a
global certificate everything went well.
The pki truststore config is the same like in 2.4.2:
unity.pki.truststores.MAIN.type=directory
unity.pki.truststores.MAIN.allowProxy=DENY
unity.pki.truststores.MAIN.directoryLocations.1=/usr/local/unity/certs/*
unity.pki.truststores.MAIN.directoryLocations.2=/etc/grid-security/certificates/*.pem
unity.pki.truststores.MAIN.crlLocations.1=/etc/grid-security/certificates/*.crl
unity.pki.truststores.MAIN.directoryEncoding=PEM
unity.pki.truststores.MAIN.crlUpdateInterval=400
unity.pki.truststores.WEB.type=directory
unity.pki.truststores.WEB.allowProxy=DENY
unity.pki.truststores.WEB.directoryLocations.1=/usr/local/unity/certs/*
unity.pki.truststores.WEB.crlLocations.1=/etc/grid-security/certificates/*.crl
unity.pki.truststores.WEB.directoryEncoding=PEM
unity.pki.truststores.WEB.crlUpdateInterval=400
The authenticator configuration in unityServer.conf was adjusted to
have only one single certificate configuration:
unityServer.core.authenticators.cert.authenticatorName=cert
unityServer.core.authenticators.cert.authenticatorType=certificate
unityServer.core.authenticators.cert.localCredential=Certificate credential
unityServer.core.authenticators.cert.configurationFile=${CONF}/authenticators/certificateRetrieval.properties
Do you have any clue why it is not working anymore? There is no error
in the logs about it.
Cheers,
Sander
--
Federated Systems and Data
Juelich Supercomputing Centre
phone: +49 2461 61 8847
fax: +49 2461 61 6656
email: sa....@fz...
----------------------------------------------------------------------
-----------------------------------------------------------------------
Forschungszentrum Juelich GmbH
52425 Juelich
Sitz der Gesellschaft: Juelich
Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
Vorsitzender des Aufsichtsrats: MinDir Volker Rieke
Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender),
Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt,
Prof. Dr. Sebastian M. Schmidt
-----------------------------------------------------------------------
-----------------------------------------------------------------------
|
