thanks
On 8/27/10 2:56 PM, "Michael Link" <[email protected]> wrote: > > On Fri 8/27/2010 7:27 AM, Hoot Thompson wrote: >> Perhaps I'm making this too hard. I follow these instructions..... >> >> Chapter 2. Configuring >> 1. Configure SimpleCA for multiple machines >> So far, you have a single machine configured with SimpleCA certificates. >> Recall that in Section 2.5, ³Confirm generated >> certificate² a CA setup package was created in >> .globus/simpleCA/globus_simple_ca_HASH_setup- >> 0.17.tar.gz. If you want to use your certificates on another machine, >> you must install that CA setup package on >> that machine. >> To install it, copy that package to the second machine and run: >> $GLOBUS_LOCATION/sbin/gpt-build globus_simple_ca_HASH_setup-0.17.tar.gz >> gcc32dbg >> $GLOBUS_LOCATION/sbin/gpt-postinstall >> Then you will have to perform setup-gsi -default from Section 2.6, >> ³Complete setup of GSI². >> If you are going to run services on the second host, it will need its >> own host certificate (Section 3, ³Host certificates²) >> and grid-mapfile (as described in the basic configuration instructions >> in Section 3, ³Add authorization²). >> You may re-use your user certificates on the new host. You will need to >> copy the requests to the host where the Sim- >> pleCA was first installed in order to sign them. >> >> >> Everything goes well until I get to the part that says "If you are going >> to run services on the second host, it will need its own host >> certificate (Section 3, ³Host certificates²) >> and grid-mapfile (as described in the basic configuration instructions >> in Section 3, ³Add authorization²)." I can create the host certificate >> but I can't sign it due to the previously mentioned error. So your >> comment says I should sign the second machine's certificate on the first >> machine and then bring it back. I'll give it a try. Bottom line is all >> I'm trying to do is get two machines trusted so I can try striped transfers. >> >> Hoot >> > Right, what Martin suggested should work. That package that you > installed on the second machine is simply the CA certificates that > enable the other machines to trust that CA and the certificates it > signs. The CA itself only lives on a single machine. > >> >> -----Original Message----- >> *From*: Martin Feller <[email protected] >> <mailto:martin%20feller%20%[email protected]%3e>> >> *To*: Hoot Thompson <[email protected] >> <mailto:hoot%20thompson%20%[email protected]%3e>> >> *Cc*: [email protected] <mailto:[email protected]> >> *Subject*: Re: [gt-user] Stripe mode over multiple links between two servers >> *Date*: Fri, 27 Aug 2010 07:04:53 -0500 >> >> The CA itself should stay on one machine and should not be copied to >> multiple nodes in a grid. It's probably only located on the first >> machine in your case. >> Does it work if you copy the host certificate request from the second >> machine to the first machine, sign it there, and copy the generated >> certificate back to the second machine, where the corresponding private >> key of the host certificate lives? >> >> Martin >>
