
Re: [Condor-users] detailed instruction on how to setup condor soap ssl



Peter,
I will definitely try the Aviary module. I have now solved the
certification issue. I tested with openssl s_server and s_client and
they can stay connected, with "Secure Renegotiation IS supported".

However, the Condor daemon disconnects both openssl s_client and the
Java Axis client right after the SSL handshake. Since openssl s_server
can stay connected with s_client, it must be the Condor SSL setup. The
output listed Secure Renegotiation IS supported. Is there anything
missing in my configuration:
ENABLE_SOAP = TRUE
ENABLE_WEB_SERVER = TRUE
WEB_ROOT_DIR = $(RELEASE_DIR)/lib/webservice
ALLOW_SOAP = */*
QUEUE_ALL_USERS_TRUSTED = TRUE
COLLECTOR_ENABLE_SOAP_SSL = TRUE
COLLECTOR_SOAP_SSL_PORT = 9818
SOAP_SSL_SERVER_KEYFILE = /opt/appl/condor/live/web/server-cert-key.pem
SOAP_SSL_CA_FILE = /opt/appl/condor/live/web/cacert.pem
CERTIFICATE_MAPFILE = /opt/appl/condor/live/web/cert_map
USER_MAPFILE = /opt/appl/condor/live/web/user_map

$ openssl s_client -cert client-cert-key.pem -CAfile ../cacert.pem -connect wiwebcm301p.qa.ch3.s.com:9818
Enter pass phrase for client-cert-key.pem:
CONNECTED(00000003)
...
---
Server certificate
-----BEGIN CERTIFICATE-----
...
---
SSL handshake has read 1743 bytes and written 1950 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Session-ID:
    Session-ID-ctx:
    Master-Key:
FBB2914EA557092D12941666967BB818FDACEFFFC74B5F941B833017F0545BE1911474E2E7585707337B8A235DD73F30
    Key-Arg   : None
    Krb5 Principal: None
    Start Time: 1333572333
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
closed