On 11/04/13 06:23, Ken McDonell wrote:
> ...
> Here's the transcript in the hope that someone can suggest what to try next
> ...
No suggestions so far.
Some more info. On another system I did the tutorial thing again, with similar
results, except
kenj@bozo-laptop:~$ PCP_SECURE_SOCKETS=enforce pmprobe sample.long.one
WARNING: issuer of certificate received from host bozo-laptop is not trusted.
SHA1 fingerprint is 2B:C6:AF:F2:7C:3A:B4:55:67:24:C2:6B:03:47:E3:C9:33:EC:FB:D9
Do you want to accept and save this certificate locally anyway (y/n)?
WARNING: Failed to save certificate locally: The operation failed because the
PKCS#11 token is not logged in.
sample.long.one -12366 IPC protocol failure
No clue what the PKCS#11 message is about (this is the different bit).
And from pmcd.log ...
root@bozo-laptop:~/src/pcp/qa# grep -i certificate /var/log/pcp/pmcd/pmcd.log
Certificate: PCP Collector certificate Not Valid Before: Fri Apr 12 10:01:29
2013 UTC Not Valid After: Wed Apr 12 10:01:29 2023 UTC
[Fri Apr 12 20:12:37] pmcd(27432) Error: Unable to force secure handshake: SSL
peer cannot verify your certificate.
[Fri Apr 12 20:13:03] pmcd(27432) Error: Unable to force secure handshake: SSL
peer cannot verify your certificate.
And system-wide certificates ...
kenj@bozo-laptop:~$ certutil -d sql:/etc/pki/nssdb -L
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
Local CA certificate CTu,u,u
PCP Collector certificate u,u,u
So far I have been unable to make secure sockets work on _any_ of the 20+ QA
hosts I have, so I believe either it is totally broken, or there is something
really critical missing from lab.secure.html _and_ the QA tests (712 and 713).
I would really appreciate some assistance on this one from the secure socket
pixies.
|