Project

General

Profile

Task #7607

Story #7605: MemberNodes not authorizing CN to harvest log records

LTER_EUROPE refuses the production CN from harvesting log records

Added by Robert Waltz almost 6 years ago. Updated over 5 years ago.

Status:
New
Priority:
Normal
Assignee:
Category:
Environment.Production
Target version:
Start date:
2016-01-26
Due date:
% Done:

0%

Milestone:
None
Product Version:
*
Story Points:
Sprint:

Description

urn:node:LTER_EUROPE fails with a NotAuthorized exception:

org.dataone.service.exceptions.NotAuthorized: Only the CN or admin is allowed to harvest logs from this node

LTER_EUROPE does not appear to recognize the CN certificate as a valid CN certificate. Jing may be able to help diagnose why since LTER_EUROPE is a metacat installation

Bases from our experience with IOE, we should check that Apache is configured correctly to trust the DataONE Production CA cert,

SSLCACertificateFile /etc/ssl/certs/DataONECAChain.crt

and that Apache is verifying client certs,

SSLVerifyClient optional

History

#1 Updated by Robert Waltz over 5 years ago

  • Description updated (diff)

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 14.8 MB)