Hi all, I'm trying globus-url-copy and it gives me the following error:
@> globus-url-copy file:/tmp/test gsiftp://ce.glite.ecdf.ed.ac.uk:2811/tmp/s0782592-test 535 535-FTPD GSSAPI error: GSS Major Status: Authentication Failed 535-FTPD GSSAPI error: GSS Minor Status Error Chain: 535-FTPD GSSAPI error: 535-FTPD GSSAPI error: accept_sec_context.c:170: gss_accept_sec_context: SSLv3 handshake problems 535-FTPD GSSAPI error: globus_i_gsi_gss_utils.c:881: globus_i_gsi_gss_handshake: Unable to verify remote side's credentials 535-FTPD GSSAPI error: globus_i_gsi_gss_utils.c:854: globus_i_gsi_gss_handshake: SSLv3 handshake problems: Couldn't do ssl handshake 535-FTPD GSSAPI error: OpenSSL Error: s3_srvr.c:1816: in library: SSL routines, function SSL3_GET_CLIENT_CERTIFICATE: no certificate returned 535-FTPD GSSAPI error: globus_gsi_callback.c:351: globus_i_gsi_callback_handshake_callback: Could not verify credential 535-FTPD GSSAPI error: globus_gsi_callback.c:429: globus_i_gsi_callback_cred_verify: Can't get the local trusted CA certificate: Cannot find issuer certificate for local credential with subject: /C=UK/O=eScience/OU=Edinburgh/L=NeSC/CN=omer jilani/CN=1642317439 535 FTPD GSSAPI error: accepting context Additonal information @> grid-proxy-init -debug -verify Done Proxy Verify OK @> grid-proxy-info subject : /C=UK/O=eScience/OU=Edinburgh/L=NeSC/CN=omer jilani/CN=1642317439 issuer : /C=UK/O=eScience/OU=Edinburgh/L=NeSC/CN=omer jilani identity : /C=UK/O=eScience/OU=Edinburgh/L=NeSC/CN=omer jilani type : RFC 3820 compliant impersonation proxy strength : 512 bits path : /tmp/x509up_u500 timeleft : 11:54:47 @> ls -lh /etc/grid-security/certificates -rw-r--r-- 1 root root 1.3K Jul 19 14:22 367b75c3.0 -rw-r--r-- 1 root root 33K Jul 19 15:45 367b75c3.r0 -rw-r--r-- 1 root root 606 Jul 19 15:05 367b75c3.signing_policy -rw-r--r-- 1 root root 1.3K Jul 19 14:28 98ef0ee5.0 -rw-r--r-- 1 root root 609 Jul 19 15:46 98ef0ee5.r0 -rw-r--r-- 1 root root 618 Jul 19 15:09 98ef0ee5.signing_policy @> ls -lh ~/.globus/ -rw-r--r-- 1 omer omer 2.2K Jul 10 21:31 usercert.pem -r-------- 1 omer omer 1.9K Jul 10 21:32 userkey.pem @> openssl verify -CApath /etc/grid-security/certificates -purpose sslclient ~/.globus/usercert.pem /home/omer/.globus/usercert.pem: OK @> cat 367b75c3.signing_policy # @(#)$Id: 367b75c3.signing_policy,v 1.1 2007/11/15 21:04:34 pmacvsdg Exp $ access_id_CA X509 '/C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA' pos_rights globus CA:sign cond_subjects globus '"/C=UK/O=eScience/*"' @> cat 98ef0ee5.signing_policy # @(#)$Id: 98ef0ee5.signing_policy,v 1.1 2007/11/15 21:04:34 pmacvsdg Exp $ access_id_CA X509 '/C=UK/O=eScienceRoot/OU=Authority/CN=UK e-Science Root' pos_rights globus CA:sign cond_subjects globus '"/C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA"' There is another thing that is strange, when i do @> openssl x509 -hash -noout -in /home/omer/.globus/usercert.pem 9bcc3dd0 Shouldnt I get the hash 367b75c3. Is it beacuse the OU in my usercert is OU=Edinburgh and in the CA its OU=Authority? I've looked into the globus documentation and email archives and seem to be doing all the things, but still cant get it right. Any help is highly appreciated. thanks omer _________________________________________________________________ Invite your mail contacts to join your friends list with Windows Live Spaces. It's easy! http://spaces.live.com/spacesapi.aspx?wx_action=create&wx_url=/friends.aspx&mkt=en-us
