Re: [gt-user] Debugging GT certificates: certificate trust chain failed

[W . Guo1]

Hi Dan
 
Thanks for your reply.. Unfortunately this is not a cert path problem as you can
see... I still got the same error... Could you give more advice please? Thank
you...

nim...@ubuntu:~/.globus/certificates$ grid-proxy-init -verify -debug

User Cert File: /home/nimbus/.globus/usercert.pem
User Key File: /home/nimbus/.globus/userkey.pem

Trusted CA Cert Dir: /home/nimbus/.globus/certificates

Output File: /tmp/x509up_u1000
Your identity:
/O=Grid/OU=GlobusTest/OU=simpleCA-ubuntu.eeng.brad.ac.uk/OU=eeng.brad.ac.uk/CN=n
imbus
Enter GRID pass phrase for this identity:
Creating proxy ....++++++++++++
...++++++++++++
 Done
Error: Couldn't verify the authenticity of the user's credential to generate a
proxy from.
       grid_proxy_init.c:971: globus_credential: Error verifying credential:
Failed to verify credential
globus_gsi_callback_module: Could not verify credential
globus_gsi_callback_module: Could not verify credential: certificate signature
failure
OpenSSL Error: a_verify.c:168: in library: asn1 encoding routines, function
ASN1_item_verify: EVP lib
OpenSSL Error: rsa_eay.c:668: in library: rsa routines, function
RSA_EAY_PUBLIC_DECRYPT: data too large for modulus
nim...@ubuntu:~/.globus/certificates$ 

 
 
Kind Regards
Wei 


  _____  

From: Washington, Daniel (CDC/CCHIS/NCPHI) (CTR) [mailto:h...@cdc.gov] 
Sent: 09 September 2009 19:12
To: w.g...@bradford.ac.uk; tfree...@mcs.anl.gov
Cc: gt-user@lists.globus.org; workspace-u...@globus.org
Subject: RE: [gt-user] Debugging GT certificates: certificate trust chain
failed



Hello Tim,

It sounds like your Globus client does not trust the certificate chain
that is trusted on the Globus node.  You can solve this by running the
following procedure:

1. Create the following a certificates directory for the nimbus user under
the .globus directory.
/home/nimbus/.globus/certificates

2. Copy the <hash>.0 files from /etc/grid-security to
/home/nimbus/.globus/certificates
3. Run grid-proxy-destroy
4. Run grid-proxy-init -verify

That should solve your issue.

Dan Washington
 




-----Original Message-----
From: gt-user-boun...@lists.globus.org on behalf of w.g...@bradford.ac.uk
Sent: Wed 9/9/2009 1:09 PM
To: tfree...@mcs.anl.gov
Cc: gt-user@lists.globus.org; workspace-u...@globus.org
Subject: [gt-user] Debugging GT certificates: certificate trust chain
failed

Hi Tim

Could u please have a look at my error as below? Thanks very much!

I followed everything said by Installing GT 4.2.1: setup simpleCA,
requested
host/user certificates...

But...

nim...@ubuntu:~/.globus$ grid-cert-diagnostics -p
Checking Environment Variables
==============================
Checking if HOME is set... /home/nimbus
Checking if GLOBUS_LOCATION is set...
/home/nimbus/work/nimbus/globus/4.2.1
Checking if X509_CERT_DIR is set... no
Checking if X509_USER_CERT is set... no
Checking if X509_USER_KEY is set... no
Checking if X509_USER_PROXY is set... no
Checking if GRIDMAP is set... no

Checking Security Directories
=======================
Determining trusted cert path... /etc/grid-security/certificates
Checking for cog.properties... not found
Checking for default gridmap location... /home/nimbus/.gridmap
Checking if default gridmap exists... yes

Checking Default Credentials
==============================
Determining certificate and key file names... ok
Certificate Path: "/home/nimbus/.globus/usercert.pem"
Key Path: "/home/nimbus/.globus/userkey.pem"
Reading certificate... ok
Reading private key...
Enter GRID pass phrase for this identity:
ok
Checking Certificate Subject...
"/O=Grid/OU=GlobusTest/OU=simpleCA-ubuntu.eeng.brad.ac.uk/OU=eeng.brad.ac.
uk/CN=
nimbus"
Checking cert... ok
Checking key... ok
Checking that certificate contains an RSA key... ok
Checking that private key is an RSA key... ok
Checking that public and private keys have the same modulus... ok
Checking certificate trust chain... failed
    globus_credential: Error verifying credential: Failed to verify
credential
    globus_gsi_callback_module: Could not verify credential: certificate
signature failure
    OpenSSL Error: a_verify.c:168: in library: asn1 encoding routines,
function
ASN1_item_verify: EVP lib
    OpenSSL Error: rsa_eay.c:668: in library: rsa routines, function
RSA_EAY_PUBLIC_DECRYPT: data too large for modulus

Checking if subject is in gridmap... nimbus

Checking trusted certificates...
================================
Getting trusted certificate list...
Checking CA file /etc/grid-security/certificates/716affe6.0... ok
Checking that certificate hash matches filename... ok
Checking CA certificate name for 716affe6.0...ok
(/O=Grid/OU=GlobusTest/OU=simpleCA-ubuntu.eeng.brad.ac.uk/CN=Globus Simple
CA)
Checking if signing policy exists for 716affe6.0... ok
Verifying certificate chain for 716affe6.0... ok
nim...@ubuntu:~/.globus$



Regards
Wei







------------------------------------------------------------
This mail sent through IMP: http://webmail.brad.ac.uk
To report misuse from this email address forward the message
and full headers to mis...@bradford.ac.uk
------------------------------------------------------------