Dear all,
I'm struggling to configure GT4 security in Windows. I am using GT4.0.8 Java WS Core as standalone container, and I'd like to use Message Level Security - GSI Secure Conversation in order to use OGSA-DAI's GridFTP activities. I configured the trusted CA, puting the <CAhash>.0 and <CAhast>.signing_policy files at %USERPROFILE%\.globus. There are located as well my hostkey.pem and hostcert.pem, which was signed by the CA. I configured the grid-mapfile and created a proxy with grid-proxy-init with the host certificate. I've configured the global_security_descriptor.xml as well as the different services security descriptor files following the OGSA-DAI admin documentation. I started the globus container with "globus-start-container -nosec". However, when I run my client I get the following exception: [1227008425909:0] uk.org.ogsadai.client.tookit.RESOURCE_COMMS_ERROR : http://localhost:8080/wsrf/services/dai/DataRequestExecutionService/Data RequestExecutionResource ; nested exception is: org.globus.common.ChainedIOException: Authentication failed [Caused by: Failure unspecified at GSS-API level [Caused by: Unknown CA]] Authentication failed [Caused by: Failure unspecified at GSS-API level [Caused by: Unknown CA]] Following the OGSA-DAI admin documentation, I've tried putting the CA files at other locations (%GLOBUS_LOCATION%\share\certificates), and to configure the X509_CERT_DIR environment variable. What did I do wrong? I believe that the problem is more with GT4 security configuration than with OGSA-DAI configuration... What else should I check? What else can I try? Thanks a lot in advance for any hint, help or advice! Best, Sandra ------------------------------------------------------------------ This e-mail and the documents attached are confidential and intended solely for the addressee; it may also be privileged. If you receive this e-mail in error, please notify the sender immediately and destroy it. As its integrity cannot be secured on the Internet, the Atos Origin group liability cannot be triggered for the message content. Although the sender endeavours to maintain a computer virus-free network, the sender does not warrant that this transmission is virus-free and will not be liable for any damages resulting from any virus transmitted. Este mensaje y los ficheros adjuntos pueden contener informacion confidencial destinada solamente a la(s) persona(s) mencionadas anteriormente pueden estar protegidos por secreto profesional. Si usted recibe este correo electronico por error, gracias por informar inmediatamente al remitente y destruir el mensaje. Al no estar asegurada la integridad de este mensaje sobre la red, Atos Origin no se hace responsable por su contenido. Su contenido no constituye ningun compromiso para el grupo Atos Origin, salvo ratificacion escrita por ambas partes. Aunque se esfuerza al maximo por mantener su red libre de virus, el emisor no puede garantizar nada al respecto y no sera responsable de cualesquiera danos que puedan resultar de una transmision de virus. ------------------------------------------------------------------
