--- On Wed, 1/21/09, Sardar Hussain <[email protected]> wrote: Hi,
I have a problem with certificates from multiple CA's. My scenario is as following. I have my globus container using UK e-Science certificates at location /etc/grid-security/ and its CA and signing policy at /etc/grid-security/certificates/. Globus is running fine with no errors. I have a user "permistest" who is using certificates from some other CA (not e-Science) and its certificates at /home/permistest/.globus/ and its CA and signing policy at /home/permistest/.globus/certificates/ I can generate a proxy for permistest successfully and can verify against its CA as well. Now when I try to access a service through this "permistest" user I get the "unknown CA" error as following [permist...@salarzai .globus]$ globus-stop-container Error: ; nested exception is: org.globus.common.ChainedIOException: Authentication failed [Caused by: Failure unspecified at GSS-API level [Caused by: Unknown CA]] Here I think globus is using e-Science CA for this user to authenticate. Alternatively when I put the CA and its signing policy for permistest in the /etc/grid-security/certificates and then try to access a service from the container through "permistest" it generates the same above error. I then put the CA and signing policy for the "permistest" user in the /home/globus/.globus/certificates directory as well but now I even can't start my container throwing the above error: [glo...@salarzai globus-4.0.4]$ globus-start-container Failed to obtain a list of services from 'https://130.209.58.35:8443/wsrf/services/ContainerRegistryService' service: ; nested exception is: org.globus.common.ChainedIOException: Authentication failed [Caused by: Failure unspecified at GSS-API level [Caused by: Unknown CA]] Can someone help me out here plz. Regards, S.Hussain
