Hi Charles, Thanks for your tip! My problem was in the cog.properties file, which was, indeed, interfering.
Sandra > -----Original Message----- > From: Charles Bacon [mailto:[EMAIL PROTECTED] > Sent: martes, 18 de noviembre de 2008 16:32 > To: Sandra Jimenez Doval > Cc: [email protected] > Subject: Re: [gt-user] GT4 Security configuration in Windows > > I think %HOME%\.globus\certificates is where certs would go, not just > under .globus itself. Then again, I would have expected $GL/share/ > certificates to work. Does the version of grid-proxy-init you get > have a verification option? That should at least show you what it's > using for a Trusted CA directory. Also, if you have a .globus/ > cog.properties file, it could be interfering with the ordinary search > order. > > > Charles > > On Nov 18, 2008, at 8:59 AM, Sandra Jimenez Doval wrote: > > > Dear all, > > > > I'm struggling to configure GT4 security in Windows. I am using > > GT4.0.8 Java WS Core as standalone container, and I'd like to use > > Message Level Security - GSI Secure Conversation in order to use > > OGSA-DAI's GridFTP activities. > > > > I configured the trusted CA, puting the <CAhash>.0 and > > <CAhast>.signing_policy files at %USERPROFILE%\.globus. > > There are located as well my hostkey.pem and hostcert.pem, which was > > signed by the CA. > > I configured the grid-mapfile and created a proxy with grid-proxy- > > init with the host certificate. > > > > I've configured the global_security_descriptor.xml as well as the > > different services security descriptor files following the OGSA-DAI > > admin documentation. > > > > I started the globus container with "globus-start-container -nosec". > > > > However, when I run my client I get the following exception: > > > > [1227008425909:0] > uk.org.ogsadai.client.tookit.RESOURCE_COMMS_ERROR :http://localhost:8080/w > srf/services/dai/DataRequestExecutionService/DataRequestExecutionResourc e > > ; nested exception is: > > org.globus.common.ChainedIOException: Authentication failed > > [Caused by: Failure unspecified at GSS-API level [Caused by: Unknown > > CA]] > > Authentication failed [Caused by: Failure unspecified at GSS-API > > level [Caused by: Unknown CA]] > > > > > > Following the OGSA-DAI admin documentation, I've tried putting the > > CA files at other locations (%GLOBUS_LOCATION%\share\certificates), > > and to configure the X509_CERT_DIR environment variable. > > > > What did I do wrong? I believe that the problem is more with GT4 > > security configuration than with OGSA-DAI configuration... What else > > should I check? What else can I try? > > > > Thanks a lot in advance for any hint, help or advice! > > > > Best, > > > > > > Sandra > > > > ------------------------------------------------------------------ > > This e-mail and the documents attached are confidential and intended > > solely for the addressee; it may also be privileged. If you receive > > this e-mail in error, please notify the sender immediately and > > destroy it. > > As its integrity cannot be secured on the Internet, the Atos Origin > > group liability cannot be triggered for the message content. Although > > the sender endeavours to maintain a computer virus-free network, > > the sender does not warrant that this transmission is virus-free and > > will not be liable for any damages resulting from any virus > > transmitted. > > > > Este mensaje y los ficheros adjuntos pueden contener informacion > > confidencial > > destinada solamente a la(s) persona(s) mencionadas anteriormente > > pueden estar protegidos por secreto profesional. > > Si usted recibe este correo electronico por error, gracias por > > informar > > inmediatamente al remitente y destruir el mensaje. > > Al no estar asegurada la integridad de este mensaje sobre la red, > > Atos Origin > > no se hace responsable por su contenido. Su contenido no constituye > > ningun > > compromiso para el grupo Atos Origin, salvo ratificacion escrita por > > ambas partes. > > Aunque se esfuerza al maximo por mantener su red libre de virus, el > > emisor > > no puede garantizar nada al respecto y no sera responsable de > > cualesquiera > > danos que puedan resultar de una transmision de virus. > > ------------------------------------------------------------------ ------------------------------------------------------------------ This e-mail and the documents attached are confidential and intended solely for the addressee; it may also be privileged. If you receive this e-mail in error, please notify the sender immediately and destroy it. As its integrity cannot be secured on the Internet, the Atos Origin group liability cannot be triggered for the message content. Although the sender endeavours to maintain a computer virus-free network, the sender does not warrant that this transmission is virus-free and will not be liable for any damages resulting from any virus transmitted. Este mensaje y los ficheros adjuntos pueden contener informacion confidencial destinada solamente a la(s) persona(s) mencionadas anteriormente pueden estar protegidos por secreto profesional. Si usted recibe este correo electronico por error, gracias por informar inmediatamente al remitente y destruir el mensaje. Al no estar asegurada la integridad de este mensaje sobre la red, Atos Origin no se hace responsable por su contenido. Su contenido no constituye ningun compromiso para el grupo Atos Origin, salvo ratificacion escrita por ambas partes. Aunque se esfuerza al maximo por mantener su red libre de virus, el emisor no puede garantizar nada al respecto y no sera responsable de cualesquiera danos que puedan resultar de una transmision de virus. ------------------------------------------------------------------
