Hello Estani, Please see http://www.globus.org/toolkit/docs/latest-stable/security/gsic/admin/#gsic-configuring-trustCA for documentation about the CA certificate hash used in GSI programs like MyProxy.
-Jim On 8/5/10 9:01 AM, Estanislao Gonzalez wrote: > Hello *, > > I've being trying to setup a MyProxy server with a simpleCA without any > success. > > After regenerating the simpleCA a couple of times I keep on getting the > following message: > > ~ # $GLOBUS_LOCATION/sbin/myproxy-server -d -v > myproxy-server v4.8 10 Sep 2009 PAM OCSP starting at Thu Aug 5 14:56:31 > 2010 > reading configuration file /etc/myproxy-server.config > PAM enabled, policy required > CA enabled > using storage directory /var/myproxy > Starting myproxy-server on localhost:7512... > using trusted certificates directory /etc/grid-security/certificates/ > Error authenticating client: GSS Major Status: Authentication Failed GSS > Minor Status Error Chain: globus_gsi_gssapi: SSLv3 handshake problems > OpenSSL Error: s3_srvr.c:2516: in library: SSL routines, function > SSL3_GET_CLIENT_CERTIFICATE: no certificate returned > globus_gsi_callback_module: Could not verify credential > globus_gsi_callback_module: Can't get the local trusted CA certificate: > Cannot find trusted CA certificate with hash 83bc333 in > /etc/grid-security/certificates/ > Exiting: authentication failed > > The main question is where this hash value comes from: 83bc333 > I've probably deleted this file while regenerating the SimpleCA > certificate. > I've perform a hash value on all certificates in this machine without > any success. I guess it is created from the subject in some > configuration file. > > Thanks, > Estani
