Hi,
For the record the Globus Toolkit searches in the following places
for the trusted CAs directory, it will use the first one it finds
searching in the order defined here:
1. X509_CERT_DIR environment variable.
2. A directory in the user's home directory:
* $HOME/.globus/certificates/ if using UNIX or Linux.
* C:\Documents and Settings\USER\.globus if using Windows.
3. /etc/grid-security/certificates. This is not applicable for
Windows.
4. $GLOBUS_LOCATION/share/certificates. This is not applicable if
using Tomcat.
You found the first but you also have the options that follow. For the
record I copy pasted this from the OGSA-DAI documentation.
Mario
On Wed, 5 Aug 2009, Thomas Leitner wrote:
Hi!
After some little research work I found the solution - maybe someone else
experiences the same problem.
The Globus container doesn't know where the trusted CA certificates
(simpleCA) are. So I set
the environment variable X509_CERT_DIR=/etc/grid-security/certificates/.
Now it works.
Thomas
-----------------------------------------------------------
Thomas Leitner
Research Assistant
Institute for Application-oriented Knowledge Processing
Johannes Kepler University Linz
A-4040 Linz, Altenberger Straße 69
On Jul 30, 2009, at 9:28 AM, Thomas Leitner wrote:
Hello everyone!
I'm getting troubles when starting the container with security options.
When I start the container with the "-nosec"-Option everything is fine.
Also creating a proxy (grid-proxy-init) is successfully.
The error I encounter is:
Failed to obtain a list of services from
'https://192.168.1.121:8443/wsrf/services/ContainerRegistryService'
service: ; nested exception is:
org.globus.common.ChainedIOException: Authentication failed [Caused
by: Failure unspecified at GSS-API level [Caused by: Unknown CA]]
2009-07-30 09:05:56,732 ERROR container.ServiceThread
[ServiceThread-72,run:297] Unexpected error during request processing
java.lang.NullPointerException
at
org.globus.wsrf.container.GSIServiceThread.process(GSIServiceThread.java:151)
at
org.globus.wsrf.container.ServiceThread.run(ServiceThread.java:291)
I am using SimpleCA and have set up the CA like in the tutorial stated.
A short overview what I have done and where the certificates are located:
- The certificates (container) in the /etc/grid-security folder:
certificates globus-host-ssl.conf grid-mapfile.old
hostcert_request.pem
containercert.pem globus-user-ssl.conf grid-security.conf
hostkey.pem
containerkey.pem grid-mapfile hostcert.pem
- Also the simpleCA is set up in the /Users/userx/simpleCA folder.
Has anyone a clue what the problem is?
Thanks in advance,
Thomas
-----------------------------------------------------------
Thomas Leitner
Research Assistant
Institute for Application-oriented Knowledge Processing
Johannes Kepler University Linz
A-4040 Linz, Altenberger Straße 69
+-----------------------------------------------------------------------+
|Mario Antonioletti:EPCC,JCMB,The King's Buildings,Edinburgh EH9 3JZ. |
|Tel:0131 650 5141|[email protected]|http://www.epcc.ed.ac.uk/~mario/ |
+-----------------------------------------------------------------------+
--
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
