[Linux-cluster] fence_vmware_soap sslv3 alert certificat unkown

Fredrik Hudner Fredrik.Hudner at evry.com
Fri May 3 13:33:38 UTC 2013

Dear all, 

I have a pacemaker cluster and need to setup a stonith fencing agent, in this case fence_vmware_soap. 

Centos 6.3

I'm running the command manually with different options: 

# fence_vmware_soap -o off -a vcenter-adress -l drift\vcenter_tdtestclu -p password  -n tdtestclu02 -u 443
Unable to connect/login to fencing device

# fence_vmware_soap -o off -a -l drift\vcenter_tdtestclu -p password -z -n tdtestclu02 -u 443
No handlers could be found for logger "suds.client"
Unable to connect/login to fencing device

In vCenters (5.1) system logs I can see the following error: 

2013-05-03T14:00:07.031+02:00 [07800 error 'Default'] [0] error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown
2013-05-03T14:00:07.031+02:00 [07800 error 'Default'] SSLStreamImpl::DoServerHandshake (000000005d11ce30) SSL_accept failed. Dumping SSL error queue:
2013-05-03T14:00:07.031+02:00 [07800 warning 'ProxySvc'] SSL Handshake failed for stream TCPStreamWin32(socket=TCP(fd=31640) local=vcentre-adress:443,  peer=vcentre-adress:53876), error: class Vmacore::Ssl::SSLException(SSL Exception: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown)

Question is: 
Is the unknown certificate the real problem here ?  and if so, on which host is it actually missing (source host, vCentre or target host) ?

Any other clues how to get this to work is much appreciated
(and if you need more information, please let me know)

Kind regards

More information about the Linux-cluster mailing list