Re: [gt-user] regarding proxy certificates

Mon, 21 Sep 2009 05:05:57 -0700 

simar gill wrote:

Hi all,
I have reinstalled simpleCA by running the installation script and
setup gsi-setup again with new subject name.I have configured and
signed host certs and usercerts with new names.
but further I have to configure proxy cert but it will give the
following errors and various output regarding certificates are shown :
(1)
glo...@simar-laptop:~$ $GLOBUS_LOCATION/bin/grid-proxy-init -verify -debug

User Cert File: /home/globus/.globus/usercert.pem
User Key File: /home/globus/.globus/userkey.pem

Trusted CA Cert Dir: /etc/grid-security/certificates

Output File: /tmp/x509up_u1001
Your identity: /O=Grid/OU=GlobusTest/OU=simpleCA-simar-laptop/CN=root
Enter GRID pass phrase for this identity:
Creating proxy .....++++++++++++
.......++++++++++++
 Done
Error: Couldn't verify the authenticity of the user's credential to
generate a proxy from.
       grid_proxy_init.c:971: globus_credential: Error verifying
credential: Failed to verify credential
globus_gsi_callback_module: Could not verify credential
globus_gsi_callback_module: Can't get the local trusted CA
certificate: Cannot find trusted CA certificate with hash b2bc8b3f in
/etc/grid-security/certificates

(2)
glo...@simar-laptop:~$ $GLOBUS_LOCATION/bin/grid-default-ca -list
The available CA configurations installed on this host are:

Directory: /etc/grid-security/certificates

1) 7a13c923 -  /O=Grid/OU=GlobusTest/OU=simpleCA-cse.mtech.com/CN=Globus
Simple CA

Directory: /home/globus/globus-4.2.1/share/certificates

2) b2bc8b3f -  /O=Grid/OU=GlobusTest/OU=simpleCA-simar-laptop/CN=Globu
Simple CA
If you want to change the host name ... you must create new credentials : host , container , users. If you follow all the steps in the certificate setup ( http://www.globus.org/toolkit/docs/4.2/4.2.1/admin/install/#gtadmin-simpleca ) you should have no problems . I recommend that you delete or move the other certificates and keys (from /etc/grid-security and $USER_HOME/.globus/ and create new ones. This way you will know at which step you will get the error. 

Best Regards
Stefan Mosoi

Reply via email to