Some common problems when authenticating, together with possible solutions. Please note that the provided problem causes are causes we observed. Of course it is possible that other reasons may cause the same problems, in that case these solutions may not work.
Problem
* Trying x.x.x.x... * TCP_NODELAY set * Connected to epic3.storage.surfsara.nl (x.x.x.x) port 8007 (#0) * WARNING: SSL: CURLOPT_SSLKEY is ignored by Secure Transport. The private key must be in the Keychain. * WARNING: SSL: Certificate type not set, assuming PKCS#12 format. * SSL: Can't load the certificate "/<path>/<cert>.pem" and its private key: OSStatus -25299 * Closing connection 0 curl: (58) SSL: Can't load the certificate "/<path>/<cert>.pem" and its private key: OSStatus -25299
Possible Solution
The problem is that MacOS default does NOT have openssl compiled within curl
. Use homebrew to download a precompiled curl
with OpenSSL enabled:
brew install curl-openssl
Please note that this will not replace the default curl
command of MacOS, you have to specifically point to the path of the newly installed version:
$ brew info curl-openssl curl-openssl: stable 7.69.1 (bottled), HEAD [keg-only] ... /usr/local/Cellar/curl-openssl/7.69.0_1 (457 files, 3.4MB) ...
Using the provided path:
$ /usr/local/Cellar/curl-openssl/7.69.0_1/bin/curl --version curl 7.69.0 (x86_64-apple-darwin18.7.0) libcurl/7.69.0 OpenSSL/1.1.1d zlib/1.2.11 brotli/1.0.7 c-ares/1.15.0 libssh2/1.9.0 nghttp2/1.40.0 librtmp/2.3 Release-Date: 2020-03-04 Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp Features: AsynchDNS brotli GSS-API HTTP2 HTTPS-proxy IPv6 Kerberos Largefile libz Metalink NTLM NTLM_WB SPNEGO SSL TLS-SRP UnixSockets
Add it to your path to use the new version by default:
export PATH="/usr/local/Cellar/curl-openssl/7.69.0_1/bin:$PATH"
Problem
{"responseCode":402,"handle":"myprefix/123456"}
Possible solution 1
This error occurs if the username does not have admin permissions yet. Make sure it is referred to in a HS_ADMIN or HS_VLIST that has admin permissions.
Possible solution 2
This error also occurs if the username did not get permissions for this specific handle in its HS_ADMIN entry. Each user can only modify handles whose HS_ADMIN entry (or one of its HS_ADMIN entries) gives write permissions to him, either directly or by pointing to a HS_VLIST that has admin permissions and that contains the username.
Problem
SSL routines:SSL3_READ_BYTES:ssl handshake failure
Possible Solution 1
This error can occur if the private key was encrypted. Please try with an unencrypted private key.
Possible Solution 2
Make sure that openssl version 1.0.1 or higher is used. Openssl 0.98 gives handshake errors.
Problem
requests.exceptions.SSLError: [SSL] PEM lib (_ssl.c:2525)
Possible Solution
This error occurs if the private key was not provided, for example if a single file instead of two was provided, but the private key was not contained. For this reason, we only recommend and describe passing certificate and private key in two separate files.
Problem
SSLError: SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Possible Solution:
This error occurs if the server certificate at the handle server can not be verified at the client side. The library default is to verify the certificate. This is normally done with a certificate from a CA authority. The credentials file can have an optional parameter HTTPS_verify
to change the behaviour. The problem can be solved in several ways. By adding the correct CA certificate to the bundle on the system. By setting a path to the correct CA certificate as follows: "HTTPS_verify": "/path_to_ca_certificate/ca_certificate"
. Or by disabling the checking of the certificate: "HTTPS_verify": "False"
. The last option is the least desired option.
The SURFsara Data Archive allows the user to safely archive up to petabytes of valuable research data.
Persistent identifiers (PIDs) ensure the findability of your data. SURFsara offers a PID provisioning service in cooperation with the European Persistent Identifier Consortium (EPIC).
B2SAFE is a robust, secure and accessible data management service. It allows common repositories to reliably implement data management policies, even in multiple administrative domains.
The grid is a transnational distributed infrastructure of compute clusters and storage systems. SURFsara is active as partner in various...
Spider is a dynamic, flexible, and customizable platform locally hosted at SURF. Optimized for collaboration, it is supported by an ecosystem of tools to allow for data-intensive projects that you can start up quickly and easily.
The Data Ingest Service is a service provided by SURFsara for users that want to upload a large amount of data to SURFsara and who not have the sufficient amount...
The Collaboratorium is a visualization and presentation space for science and industry. The facility is of great use for researchers that are faced with...
Data visualization can play an important role in research, specifically in data analysis to complement other analysis methods, such as statistical analysis.