Hello Tim, It sounds like your Globus client does not trust the certificate chain that is trusted on the Globus node. You can solve this by running the following procedure:
1. Create the following a certificates directory for the nimbus user under the .globus directory. /home/nimbus/.globus/certificates 2. Copy the <hash>.0 files from /etc/grid-security to /home/nimbus/.globus/certificates 3. Run grid-proxy-destroy 4. Run grid-proxy-init -verify That should solve your issue. Dan Washington -----Original Message----- From: [email protected] on behalf of [email protected] Sent: Wed 9/9/2009 1:09 PM To: [email protected] Cc: [email protected]; [email protected] Subject: [gt-user] Debugging GT certificates: certificate trust chain failed Hi Tim Could u please have a look at my error as below? Thanks very much! I followed everything said by Installing GT 4.2.1: setup simpleCA, requested host/user certificates... But... nim...@ubuntu:~/.globus$ grid-cert-diagnostics -p Checking Environment Variables ============================== Checking if HOME is set... /home/nimbus Checking if GLOBUS_LOCATION is set... /home/nimbus/work/nimbus/globus/4.2.1 Checking if X509_CERT_DIR is set... no Checking if X509_USER_CERT is set... no Checking if X509_USER_KEY is set... no Checking if X509_USER_PROXY is set... no Checking if GRIDMAP is set... no Checking Security Directories ======================= Determining trusted cert path... /etc/grid-security/certificates Checking for cog.properties... not found Checking for default gridmap location... /home/nimbus/.gridmap Checking if default gridmap exists... yes Checking Default Credentials ============================== Determining certificate and key file names... ok Certificate Path: "/home/nimbus/.globus/usercert.pem" Key Path: "/home/nimbus/.globus/userkey.pem" Reading certificate... ok Reading private key... Enter GRID pass phrase for this identity: ok Checking Certificate Subject... "/O=Grid/OU=GlobusTest/OU=simpleCA-ubuntu.eeng.brad.ac.uk/OU=eeng.brad.ac.uk/CN= nimbus" Checking cert... ok Checking key... ok Checking that certificate contains an RSA key... ok Checking that private key is an RSA key... ok Checking that public and private keys have the same modulus... ok Checking certificate trust chain... failed globus_credential: Error verifying credential: Failed to verify credential globus_gsi_callback_module: Could not verify credential: certificate signature failure OpenSSL Error: a_verify.c:168: in library: asn1 encoding routines, function ASN1_item_verify: EVP lib OpenSSL Error: rsa_eay.c:668: in library: rsa routines, function RSA_EAY_PUBLIC_DECRYPT: data too large for modulus Checking if subject is in gridmap... nimbus Checking trusted certificates... ================================ Getting trusted certificate list... Checking CA file /etc/grid-security/certificates/716affe6.0... ok Checking that certificate hash matches filename... ok Checking CA certificate name for 716affe6.0...ok (/O=Grid/OU=GlobusTest/OU=simpleCA-ubuntu.eeng.brad.ac.uk/CN=Globus Simple CA) Checking if signing policy exists for 716affe6.0... ok Verifying certificate chain for 716affe6.0... ok nim...@ubuntu:~/.globus$ Regards Wei ------------------------------------------------------------ This mail sent through IMP: http://webmail.brad.ac.uk To report misuse from this email address forward the message and full headers to [email protected] ------------------------------------------------------------
