Yes, good. Beyond this, there are only the cautions regarding differences in hash algorithms between OpenSSL 1.0 and previous versions. If your system is using OpenSSL 1.0, you will have to create soft links to direct the newer-style hashes to the older-style ones. This is discussed further in the description of the globus-update-certificate-dir program under
http://www.globus.org/toolkit/docs/latest-stable/security/gsic/pi/

Alan

On May 27, 2010, at 8:40 AM, huong luu wrote:

> Hi all,
>
> This is the solution for my problem coming from Raj Kettimuthu (mcs.anl):
>
> [email protected] to me
> show details 12:12 AM (9 hours ago)
> Huong,
> Check if the steps below work.
>
> Here are the steps to obtain DOE host certificate.
>
> 1. download the DOE support CA files tarball from
>    http://pki1.doegrids.org/Other/doegrids.tar
> 2. untar it in /etc/grid-security
> 3. copy the following files in /etc/grid-security/doegrids to
>    /etc/grid-security/certificates
>    1c3f2ca8.0
>    1c3f2ca8.signing_policy
>    globus-host-ssl.conf.1c3f2ca8
>    globus-user-ssl.conf.1c3f2ca8
>    grid-security.conf.1c3f2ca8
>    d1b603c3.0
>    d1b603c3.signing_policy
> 4. cp /etc/grid-security/doegrids/globus-host-ssl.conf.1c3f2ca8 /etc/grid-security/globus-host-ssl.conf
>    cp /etc/grid-security/doegrids/globus-user-ssl.conf.1c3f2ca8 /etc/grid-security/globus-user-ssl.conf
>    cp /etc/grid-security/doegrids/grid-security.conf.1c3f2ca8 /etc/grid-security/grid-security.conf
>
> 5. run 'grid-cert-request -host <hostname>' from your Globus install as root
> 6. Go to the 'http://pki1.doegrids.org/ca/'. Select "Grid or SSL Server".
>    Copy and paste the Certificate Signing Request (output of step 5)
>    into the "PKCS#10 Request" text box. Fill out the rest of the form and
>    "Submit".
> Thank you all and best regards,
> Huong
>
>
> On Thu, May 27, 2010 at 9:19 AM, huong luu <[email protected]> wrote:
> I did run gpt-postinstall and I had everything's fine:
>
> glo...@cuong-desktop:/usr/local/globus-5.0.1$ sbin/gpt-postinstall
> All of the packages in your GLOBUS_LOCATION are already set up.
>
> And if I use grid-cert-request instead of doegrids-cert-request, I have this
> error:
>
> glo...@cuong-desktop:/usr/local/globus-5.0.1$ grid-cert-request -host cuong-desktop
> Error reading
> /etc/grid-security/globus-user-ssl.conf
> /etc/grid-security/globus-host-ssl.conf
> ${GLOBUS_LOCATION}/etc/globus-user-ssl.conf
> ${GLOBUS_LOCATION}/etc/globus-host-ssl.conf
>
> Can't find valid CA config files. Please make sure
> that the grid administrator has installed a CA setup
> package and run gpt-postinstall.
>
> I don't know what I did wrong. All that I did is follow the instructions in
> http://www.globus.org/toolkit/docs/latest-stable/admin/install/#gtadmin
> (including installation Globus Toolkit and starting security configuration)
> till chapter 5, section 2: obtain host certificate.
>
> Thanks for your help,
> Huong
>
> On Wed, May 26, 2010 at 9:33 PM, Alain Roy via RT
> <[email protected]> wrote:
> The VDT doesn't yet ship Globus 5.0, so the installation in question is
> not VDT based. This means that it's hard for me to debug.
>
> One thought: did you run gpt-postinstall?
>
> I never use doegrids-cert-request--in OSG we recommend the use of an
> alternative tool. So I'm not familiar with this error message.
>
> -alain
> -----------------------------------------------------------------
> Alain Roy [email protected]
> VDT Support http://vdt.cs.wisc.edu/support.html
>
>
> --
> View ticket at
> <http://crt.cs.wisc.edu/Ticket/Display.html?user=guest&pass=guest&id=7039>
> VDT Support: [email protected]
>

Alan Sill, Ph.D
Senior Scientist, High Performance Computing Center
Adjunct Professor of Physics
TTU

====================================================================
:  Alan Sill, Texas Tech University  Office: Admin 233, MS 4-1167  :
:  e-mail: [email protected]  ph. 806-742-4350  fax 806-742-4358  :
====================================================================
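
The soft links mentioned in the top reply, sketched as an added example that is not part of the original thread and is not the code of globus-update-certificate-dir. It assumes an OpenSSL 1.0 or later `openssl` binary, whose `x509` command offers both `-subject_hash` and `-subject_hash_old`; the function name `link_new_hashes` is hypothetical.

```shell
#!/bin/sh
# Added example: make CA files named after pre-1.0 (old-style) subject hashes
# findable under the hash that OpenSSL 1.0+ looks up, using relative symlinks.
#
# link_new_hashes DIR   (hypothetical helper name)
#   For every regular file DIR/<old-hash>.0, create DIR/<new-hash>.0 and, if
#   present, DIR/<new-hash>.signing_policy as links to the old-style names.
#   Prints one line per link created; existing files are never overwritten.
link_new_hashes() {
    dir=$1
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    for cert in "$dir"/*.0; do
        # Skip an unmatched glob and links created by an earlier run.
        if [ ! -f "$cert" ] || [ -L "$cert" ]; then continue; fi
        base=$(basename "$cert" .0)
        old=$(openssl x509 -noout -subject_hash_old -in "$cert" 2>/dev/null) || continue
        new=$(openssl x509 -noout -subject_hash -in "$cert" 2>/dev/null) || continue
        # Only act on files that really are named after their old-style hash.
        if [ "$base" != "$old" ] || [ "$new" = "$old" ]; then continue; fi
        for ext in 0 signing_policy; do
            [ -e "$dir/$old.$ext" ] || continue
            if [ -e "$dir/$new.$ext" ] || [ -L "$dir/$new.$ext" ]; then continue; fi
            ln -s "$old.$ext" "$dir/$new.$ext" && echo "$new.$ext -> $old.$ext"
        done
    done
    return 0
}

# Run against a directory only when one is given on the command line.
if [ "$#" -gt 0 ]; then
    link_new_hashes "$1"
fi
```

Run it as root with the trusted certificates directory from the thread, `/etc/grid-security/certificates`, as the argument; a second run creates nothing new.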
