HI,
the UK eScience CA is one of the CAs accredited by the International
Grid Trust Federation (IGTF), which was formed specifically for the
purpose of accrediting grid CAs for VOS to common standards. The IGTF
maintains a distribution of accredited, experimental and other related
CAs and the CA files can in many cases be obtained by secure methods
separately via the TACAR organization. The IGTF CA files are part of
several grid software packages, including the Virtual Data Toolkit,
EGEE, LCG and other smaller grid software sets.
URLs to find out more:
http://igtf.net
http://tacar.org
http://vdt.cs.wisc.edu/
Alan
On Jan 21, 2009, at 10:42 AM, Sardar Hussain wrote:
--- On Wed, 1/21/09, Sardar Hussain <[email protected]> wrote:
Hi,
I have a problem with certificates from multiple CA's.
My scenario is as following.
I have my globus container using UK e-Science certificates at
location /etc/grid-security/ and its CA and signing policy at /etc/
grid-security/certificates/. Globus is running fine with no errors.
I have a user "permistest" who is using certificates from some other
CA (not e-Science) and its certificates at /home/permistest/.globus/
and its CA and signing policy at /home/permistest/.globus/
certificates/
I can generate a proxy for permistest successfully and can verify
against its CA as well.
Now when I try to access a service through this "permistest" user I
get the "unknown CA" error as following
[permist...@salarzai .globus]$ globus-stop-container
Error: ; nested exception is:
org.globus.common.ChainedIOException: Authentication failed
[Caused by: Failure unspecified at GSS-API level [Caused by: Unknown
CA]]
Here I think globus is using e-Science CA for this user to
authenticate.
Alternatively when I put the CA and its signing policy for
permistest in the /etc/grid-security/certificates and then try to
access a service from the container through "permistest" it
generates the same above error.
I then put the CA and signing policy for the "permistest" user in
the /home/globus/.globus/certificates directory as well but now I
even can't start my container throwing the above error:
[glo...@salarzai globus-4.0.4]$ globus-start-container
Failed to obtain a list of services from 'https://130.209.58.35:8443/wsrf/services/ContainerRegistryService'
service: ; nested exception is:
org.globus.common.ChainedIOException: Authentication failed
[Caused by: Failure unspecified at GSS-API level [Caused by: Unknown
CA]]
Can someone help me out here plz.
Regards,
S.Hussain
Alan Sill, Ph.D
Senior Scientist, High Performance Computing Center
Adjunct Professor of Physics
TTU
====================================================================
: Alan Sill, Texas Tech University Office: Admin 233, MS 4-1167 :
: e-mail: [email protected] ph. 806-742-4350 fax 806-742-4358 :
====================================================================
