Peer certificate cannot be authenticated

[Bill Conn]

Hello,

I'm working on connecting our Globus Connect Server v5 to a BlackPearl machine using the BlackPearl connector.  I'm seeing this error message when I try to access a collection I've added:

Command Failed: Error (login) Endpoint: My Endpoint(UUID) Server: SUBDOMAIN.dn.glob.us:443 Message: Login Failed --- Details: 530 Login incorrect. : A DS3 error has occurred. Code: DS3_ERROR_REQUEST_FAILED (2) Message: Request failed: Peer certificate cannot be authenticated with given CA certificates Response->Error Code: Empty Response->HTTP Code: 0 Response->Message: Empty Response->Resource: Empty Response->ResourceID: 0 \r\n

I'm thinking this is an improperly configured certificate on the BlackPearl machine?  I can load the URL of the BP in a browser and the browser doesn't complain but if I check the BP with openssl it cannot verify the first certificate.  This is what makes me think the cert is misconfigured.

I just wanted to double check that this error message actually indicated a certificate issue to make sure I was looking in the right place.

Thanks,

Bill

[Michael Link]

Hi Bill,

You're right, that error indicates that the Globus Connect Server host
does not trust the the certificate on the BlackPearl server.

If the BlackPearl server is using a self-signed certificate or a
certificate from a CA that is not included in the default
ca-certificates package, that cert or CA cert would need be added
manually to the Globus Connect Server host's trust roots. You can find
the procedure for that by searching the web: "import CA certificate
<distro>".

Mike