# grid-cert-diagnostic , Result is Checking Environment Variables ============================== Checking if X509_CERT_DIR is set... /etc/grid-security/certificates Checking if X509_USER_CERT is set... /etc/grid-security/containercert.pem Checking if X509_USER_KEY is set... /etc/grid-security/containerkey.pem Checking if X509_USER_PROXY is set... no
Checking Security Directories ======================= Determining trusted cert path... /etc/grid-security/certificates Checking for cog.properties... not found Checking trusted certificates... ================================ Getting trusted certificate list... Checking CA file /etc/grid-security/certificates/e092b1b7.0... ok Verifying certificate chain for "/etc/grid-security/certificates/e092b1b7.0"... ok -----Original Message----- From: Charles Bacon [mailto:[EMAIL PROTECTED] Sent: Mon 7/21/2008 4:20 PM To: Kashif Mohammad Cc: Omer Jilani; [email protected] Subject: Re: grid-proxy-init -debug -verify problem in gt4.2.0 Try the grid-cert-diagnostics script from 4.2.0 and send us the results. Thanks, Charles On Jul 19, 2008, at 8:09 AM, Kashif Mohammad wrote: > > Yes, I have double checked it, and signing policy file is exactly > same in both machine. > Thanks > > -----Original Message----- > From: Charles Bacon [mailto:[EMAIL PROTECTED] > Sent: Fri 7/18/2008 6:36 PM > To: Kashif Mohammad > Cc: Omer Jilani; [email protected] > Subject: Re: grid-proxy-init -debug -verify problem in gt4.2.0 > > It sounds like the problem is in the signing policy. Can you verify > that the signing policy is the same on the two different machines? > > One difference between 4.0 and 4.2 will be the default type of proxy > created. 4.0 had a nonstandard OID in one location, while 4.2 is > fully RFC compliant by default. You can tell them apart with grid- > proxy-info. The 4.0 style is: > type : Proxy draft (pre-RFC) compliant impersonation proxy > > The 4.2 style is: > type : RFC 3820 compliant impersonation proxy > > But that should not affect the behavior of the proxy with respect to > verification. I just mention it for completeness. > > > Charles > > On Jul 18, 2008, at 11:27 AM, Kashif Mohammad wrote: > >> >> >> >> Dear All >> We are doing a small experiment in basic level interoperability >> between glite and globus. We are using vmware virtual machine and >> glite training tool gridseed. In Gridseed we can initiate all the >> components of glite and there is CA in the setup which provides Host >> Certificate and User Certificate and also creates signing policy >> files etc. >> I installed gt4.0.0 on a different virtual machine and integrated it >> with gridseed and got the certificate from gridseed and ran grid- >> proxy-init -debug -verify and proxy was created without any error. >> >> Then I installed gt4.2.0 on a different virtual machine and repeat >> the same procedure but this time I got this error when I ran grid- >> proxy-init -debug -verfify >> ERROR: could not verify the authenticity of the user credential to >> generate a proxy from grid-ptoxy-init.c:1013: globus_credential: >> Error verifying credential: Failed to verify the credential. >> globus_gsi_callback_module: could not verify credential >> globus_gsi_callback_module: error with signing policy >> globus_gsi_callback_module: error in OLD GAA code: Could not get >> policy info: minor status=201 >> >> I also ran these test to check the validity of certificate and the >> result was OK >> openssl verify -CApath /etc/grid-security/certificates >> -purpose sslclient ~/.globus/usercert.pem >> >> openssl verify -CApath /etc/grid-security/certificates -purpose >> sslserver /etc/grid-security/hostcert.pem >> >> I wanted to know that, what is the difference between gt4.0.0 and >> gt4.2.0 grid-proxy-init command, As I found that gt4.0.0 is using >> globus_proxy_utils_0.14 and gt4.2.0 is using globus_proxy_utils_2.1. >> Is it due to this or gt4.2.0 is using some extra fields. >> >> Can someone explain the difference as I could not get any material >> on net regarding it. >> Thanks >> Mohammad Kashif >> INFN, Cagliari, Italy >> >> > >
