Project

General

Profile

Task #5927

MNDeployment #3708: Minnesota Population Center

Task #5921: MPC: Testing

Task #5922: MPC: Registration in environment

Task #5924: MPC: SSL Certificates

MPC: Verify successful installation of server side certificate

Added by Laura Moyers almost 10 years ago. Updated about 9 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Chris Jones
Target version:
Operational
Start date:
2014-07-18
Due date:
% Done:

100%

Story Points:
Sprint:

Description

After notification from the MN that the server side certificate has been installed, verify that it is working correctly.

Related issues

Blocks Member Nodes - Task #5926: MPC: Verify successful installation of client side certificate Closed 2014-07-18

History

#1 Updated by Laura Moyers over 9 years ago

  • Target version changed from Deploy by end of Y5Q4 to Deploy by end of Y1Q1

#2 Updated by Chris Jones over 9 years ago

  • Status changed from New to In Progress
  • Assignee set to Chris Jones

We're having trouble successfully connecting to dataone-test.pop.umn.edu. Troubleshooting the server side ceertificates now.

#3 Updated by Chris Jones over 9 years ago

When connecting to dataone-test.pop.umn.edu over SSL, the connection outside of a browser fails:

openssl s_client -connect dataone-test.pop.umn.edu:443 -CAfile addtrustexternalcaroot.crt

...

Certificate chain
0 s:/C=US/postalCode=55455/ST=MN/L=Minneapolis/street=100 Union Street SE/O=University of Minnesota/OU=College of Liberal Arts/CN=dataone-test.pop.umn.edu

i:/C=US/O=Internet2/OU=InCommon/CN=InCommon Server CA

...

Verify return code: 21 (unable to verify the first certificate)

Note that only one certificate is returned in the chain. This usually means that Apache SSL directives are not configured completely. The server needs to return both the server certificate, and the intermediate CA certificates that sign the server certificate up to, and potentially including, the root certificate.

Fabio needs to download the intermediate chain file from the InCommon CA provider, and install that in Apache, then restart Apache.

#4 Updated by Laura Moyers over 9 years ago

  • Target version changed from Deploy by end of Y1Q1 to Deploy by end of NCTE

#5 Updated by Laura Moyers over 9 years ago

  • Target version changed from Deploy by end of NCTE to Operational

#6 Updated by Laura Moyers about 9 years ago

  • % Done changed from 0 to 100
  • translation missing: en.field_remaining_hours set to 0
  • Status changed from In Progress to Closed

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 14.8 MB)