thanks

On 8/27/10 2:56 PM, "Michael Link" <[email protected]> wrote:

> 
> On Fri 8/27/2010 7:27 AM, Hoot Thompson wrote:
>> Perhaps I'm making this too hard.  I follow these instructions.....
>> 
>> Chapter 2. Configuring
>> 1. Configure SimpleCA for multiple machines
>> So far, you have a single machine configured with SimpleCA certificates.
>> Recall that in Section 2.5, ³Confirm generated
>> certificate² a CA setup package was created in
>> .globus/simpleCA/globus_simple_ca_HASH_setup-
>> 0.17.tar.gz. If you want to use your certificates on another machine,
>> you must install that CA setup package on
>> that machine.
>> To install it, copy that package to the second machine and run:
>> $GLOBUS_LOCATION/sbin/gpt-build globus_simple_ca_HASH_setup-0.17.tar.gz
>> gcc32dbg
>> $GLOBUS_LOCATION/sbin/gpt-postinstall
>> Then you will have to perform setup-gsi -default from Section 2.6,
>> ³Complete setup of GSI².
>> If you are going to run services on the second host, it will need its
>> own host certificate (Section 3, ³Host certificates²)
>> and grid-mapfile (as described in the basic configuration instructions
>> in Section 3, ³Add authorization²).
>> You may re-use your user certificates on the new host. You will need to
>> copy the requests to the host where the Sim-
>> pleCA was first installed in order to sign them.
>> 
>> 
>> Everything goes well until I get to the part that says "If you are going
>> to run services on the second host, it will need its own host
>> certificate (Section 3, ³Host certificates²)
>> and grid-mapfile (as described in the basic configuration instructions
>> in Section 3, ³Add authorization²)." I can create the host certificate
>> but I can't sign it due to the previously mentioned error. So your
>> comment says I should sign the second machine's certificate on the first
>> machine and then bring it back. I'll give it a try. Bottom line is all
>> I'm trying to do is get two machines trusted so I can try striped transfers.
>> 
>> Hoot
>> 
> Right, what Martin suggested should work.  That package that you
> installed on the second machine is simply the CA certificates that
> enable the other machines to trust that CA and the certificates it
> signs.  The CA itself only lives on a single machine.
> 
>> 
>> -----Original Message-----
>> *From*: Martin Feller <[email protected]
>> <mailto:martin%20feller%20%[email protected]%3e>>
>> *To*: Hoot Thompson <[email protected]
>> <mailto:hoot%20thompson%20%[email protected]%3e>>
>> *Cc*: [email protected] <mailto:[email protected]>
>> *Subject*: Re: [gt-user] Stripe mode over multiple links between two servers
>> *Date*: Fri, 27 Aug 2010 07:04:53 -0500
>> 
>> The CA itself should stay on one machine and should not be copied to
>> multiple nodes in a grid. It's probably only located on the first
>> machine in your case.
>> Does it work if you copy the host certificate request from the second
>> machine to the first machine, sign it there, and copy the generated
>> certificate back to the second machine, where the corresponding private
>> key of the host certificate lives?
>> 
>> Martin
>> 


Reply via email to