Thanks Charles. It works. there were 4 copies of the revoked certificates in /home/globus/.globus/simpleCA/newcerts/01.pem (03.pem, 09.pem, and 0A.pem). I continued to compare the results of openssl x509 -in /home/globus/.globus/simpleCA/newcerts/01.pem -noout -modulus (for 01.pem, 03.pem, 09.pem, and 0A.pem) with that of openssl rsa -in /etc/grid-security/hostkey.pem -noout -modulus untill 09.pem and 0A.pem matched with the hostkey. I then overwrote the former hostcert.pem with 0A.pem (the latest certificate). See how I did it:
[EMAIL PROTECTED] ~]# openssl x509 -in /home/globus/.globus/simpleCA/newcerts/09.pem -noout -modulus Modulus=DACCE95E6188D6CA48C7BBF3A6D8569798769844198F317FCF38470236F870BC68DF779E4B9A5D0D767C8DDB6AD4E7CECF69EC1ED6DB0D7E1DBA5A7C2A5171C5FD3A4BF3FEF48F1DD1C9DC71422DEEF86AFA0E31AE6D2A9E977EE62FFFDA4D7F7E396ED84BE5EEE18C01672A7D6BB0C670649AECC50320AC5A8154CB834D0DA7 [EMAIL PROTECTED] ~]# openssl x509 -in /home/globus/.globus/simpleCA/newcerts/0A.pem -noout -modulus Modulus=DACCE95E6188D6CA48C7BBF3A6D8569798769844198F317FCF38470236F870BC68DF779E4B9A5D0D767C8DDB6AD4E7CECF69EC1ED6DB0D7E1DBA5A7C2A5171C5FD3A4BF3FEF48F1DD1C9DC71422DEEF86AFA0E31AE6D2A9E977EE62FFFDA4D7F7E396ED84BE5EEE18C01672A7D6BB0C670649AECC50320AC5A8154CB834D0DA7 [EMAIL PROTECTED] ~]# openssl rsa -in /etc/grid-security/hostkey.pem -noout -modulus Modulus=DACCE95E6188D6CA48C7BBF3A6D8569798769844198F317FCF38470236F870BC68DF779E4B9A5D0D767C8DDB6AD4E7CECF69EC1ED6DB0D7E1DBA5A7C2A5171C5FD3A4BF3FEF48F1DD1C9DC71422DEEF86AFA0E31AE6D2A9E977EE62FFFDA4D7F7E396ED84BE5EEE18C01672A7D6BB0C670649AECC50320AC5A8154CB834D0DA7 -----END CERTIFICATE----- [EMAIL PROTECTED] ~]# cp /home/globus/.globus/simpleCA/newcerts/0A.pem /etc/grid-security/hostcert.pem cp: overwrite `/etc/grid-security/hostcert.pem'? y [EMAIL PROTECTED] ~]# openssl x509 -in /etc/grid-security/hostcert.pem -noout -modulus Modulus=DACCE95E6188D6CA48C7BBF3A6D8569798769844198F317FCF38470236F870BC68DF779E4B9A5D0D767C8DDB6AD4E7CECF69EC1ED6DB0D7E1DBA5A7C2A5171C5FD3A4BF3FEF48F1DD1C9DC71422DEEF86AFA0E31AE6D2A9E977EE62FFFDA4D7F7E396ED84BE5EEE18C01672A7D6BB0C670649AECC50320AC5A8154CB834D0DA7 [EMAIL PROTECTED] ~]# openssl rsa -in /etc/grid-security/hostkey.pem -noout -modulus Modulus=DACCE95E6188D6CA48C7BBF3A6D8569798769844198F317FCF38470236F870BC68DF779E4B9A5D0D767C8DDB6AD4E7CECF69EC1ED6DB0D7E1DBA5A7C2A5171C5FD3A4BF3FEF48F1DD1C9DC71422DEEF86AFA0E31AE6D2A9E977EE62FFFDA4D7F7E396ED84BE5EEE18C01672A7D6BB0C670649AECC50320AC5A8154CB834D0DA7 [EMAIL PROTECTED] ~]# su - ash [EMAIL PROTECTED] ~]$ export GLOBUS_LOCATION=/usr/local/globus-4.0.4 [EMAIL PROTECTED] ~]$ source $GLOBUS_LOCATION/etc/globus-user-env.sh [EMAIL PROTECTED] ~]$ export JAVA_HOME=/opt/j2sdk1.4.2_13 [EMAIL PROTECTED] ~]$ export ANT_HOME=/opt/apache-ant-1.7.0 [EMAIL PROTECTED] ~]$ export PATH=$ANT_HOME/bin:$JAVA_HOME/bin:$PATH [EMAIL PROTECTED] ~]$ grid-proxy-init -verify -debug User Cert File: /home/ash/.globus/usercert.pem User Key File: /home/ash/.globus/userkey.pem Trusted CA Cert Dir: /etc/grid-security/certificates Output File: /tmp/x509up_u502 Your identity: /O=Grid/OU=GlobusTest/OU=simpleCA-isxp1313c.sims.cranfield.ac.uk/OU=sims.cranfield.ac.uk/CN=Ashutosh Tiwari Enter GRID pass phrase for this identity: Creating proxy .......++++++++++++ .......++++++++++++ Done Proxy Verify OK Your proxy is valid until: Tue Jun 19 04:28:40 2007 [EMAIL PROTECTED] ~]$ globus-url-copy gsiftp://isxp1313c.sims.cranfield.ac.uk/etc/group file:///tmp/ash.test.copy [EMAIL PROTECTED] ~]$ diff /tmp/ash.test.copy /etc/group [EMAIL PROTECTED] ~]$ Thanks once more. Regards Gokop Charles Bacon <[EMAIL PROTECTED]> wrote: You have to get a new one, unless you've still got the request corresponding to the new key, in which case you can sign the request again and move the signed hostcert with the right modulus back into place. Charles On Jun 18, 2007, at 3:50 AM, Gokop Goteng wrote: > my usercert/userkey matched but the hostcert/hostkey did not match > which I gues is the problem. How can I reconcile the hostcert/hostkey? --------------------------------- Be a better Globetrotter. Get better travel answers from someone who knows. Yahoo! Answers - Check it out.
