Well that got rid of that error message, on to the next one......
[h...@i7test3 ~]$ $GLOBUS_LOCATION/bin/globus-url-copy -vb file:/i7raid/hoot/file_12GB gsiftp://192.168.1.13/i7raid/hoot/file_12GB Source: file:/i7raid/hoot/ Dest: gsiftp://192.168.1.13/i7raid/hoot/ file_12GB error: globus_ftp_client: the server responded with an error 530 530-globus_xio: Server side credential failure 530-globus_gsi_gssapi: Error with gss credential handle 530-globus_gsi_gssapi: Error with openssl: Couldn't set the private key to be used for the SSL context 530-OpenSSL Error: x509_cmp.c:398: in library: x509 certificate routines, function X509_check_private_key: key values mismatch 530 End. -----Original Message----- From: Michael Link <[email protected]> To: Hoot Thompson <[email protected]> Cc: Prakash Velayutham <[email protected]>, [email protected] Subject: Re: [gt-user] Stripe mode over multiple links between two servers Date: Tue, 31 Aug 2010 13:54:53 -0500 Are you running the server as root? If not, it can't use the host cert, and you'll see the error you're getting. You'll also need to recreate the host cert with the the full hostname. Mike On Tue 8/31/2010 12:01 PM, Hoot Thompson wrote: > Here's what's in the hostcert_request.pem > > Certificate Subject: > > /O=Grid/OU=GlobusTest/OU=simpleCA-i7test3.sci.gsfc.nasa.gov/CN=host/i7test4-10g > > BTW, I can't run the grid-cert-request as root. Could that be causing > the confusion? > > > > -----Original Message----- > *From*: Prakash Velayutham <[email protected] > <mailto:prakash%20velayutham%20%[email protected]%3e>> > *To*: Hoot Thompson <[email protected] > <mailto:hoot%20thompson%20%[email protected]%3e>> > *Cc*: Michael Link <[email protected] > <mailto:michael%20link%20%[email protected]%3e>>, > [email protected] <mailto:[email protected]> > *Subject*: Re: [gt-user] Stripe mode over multiple links between two servers > *Date*: Tue, 31 Aug 2010 12:07:55 -0400 > > Hi, > > Did you give the proper DNS name (or IP address) of the server when you > generated its host key (Common Name)? If you thought it was asking or > your name instead of the server's name, then this will happen. > > Prakash > On Aug 31, 2010, at 11:53 AM, Hoot Thompson wrote: >> Back again.... >> >> This one has me really confused. I somehow ended up with my name as >> the authenticated hostname and I can't figure out how. Looking at the >> pem files, all appears well but something is obviously amiss. >> >> The expected name for the remote host >> ([email protected] >> <mailto:[email protected]>) does not match the >> authenticated name of the remote host (Hoot Thompson) >> >> >> -----Original Message----- >> *From*: Michael Link <[email protected] >> <mailto:michael%20link%20%[email protected]%3e>> >> *To*: Hoot Thompson <[email protected] >> <mailto:hoot%20thompson%20%[email protected]%3e>> >> *Cc*: Martin Feller <[email protected] >> <mailto:martin%20feller%20%[email protected]%3e>>, >> [email protected] <mailto:[email protected]> >> *Subject*: Re: [gt-user] Stripe mode over multiple links between two >> servers >> *Date*: Fri, 27 Aug 2010 13:56:20 -0500 >> >> On Fri 8/27/2010 7:27 AM, Hoot Thompson wrote: >> > Perhaps I'm making this too hard. I follow these instructions..... >> > >> > Chapter 2. Configuring >> > 1. Configure SimpleCA for multiple machines >> > So far, you have a single machine configured with SimpleCA certificates. >> > Recall that in Section 2.5,“Confirm generated >> > certificate” a CA setup package was created in >> > .globus/simpleCA/globus_simple_ca_HASH_setup- >> > 0.17.tar.gz. If you want to use your certificates on another machine, >> > you must install that CA setup package on >> > that machine. >> > To install it, copy that package to the second machine and run: >> > $GLOBUS_LOCATION/sbin/gpt-build globus_simple_ca_HASH_setup-0.17.tar.gz >> > gcc32dbg >> > $GLOBUS_LOCATION/sbin/gpt-postinstall >> > Then you will have to perform setup-gsi -default from Section 2.6, >> > “Complete setup of GSI”. >> > If you are going to run services on the second host, it will need its >> > own host certificate (Section 3,“Host certificates”) >> > and grid-mapfile (as described in the basic configuration instructions >> > in Section 3,“Add authorization”). >> > You may re-use your user certificates on the new host. You will need to >> > copy the requests to the host where the Sim- >> > pleCA was first installed in order to sign them. >> > >> > >> > Everything goes well until I get to the part that says"If you are going >> > to run services on the second host, it will need its own host >> > certificate (Section 3,“Host certificates”) >> > and grid-mapfile (as described in the basic configuration instructions >> > in Section 3,“Add authorization”)." I can create the host certificate >> > but I can't sign it due to the previously mentioned error. So your >> > comment says I should sign the second machine's certificate on the first >> > machine and then bring it back. I'll give it a try. Bottom line is all >> > I'm trying to do is get two machines trusted so I can try striped >> > transfers. >> > >> > Hoot >> > >> Right, what Martin suggested should work. That package that you >> installed on the second machine is simply the CA certificates that >> enable the other machines to trust that CA and the certificates it >> signs. The CA itself only lives on a single machine. >> >> > >> > -----Original Message----- >> > *From*: Martin Feller<[email protected] <mailto:[email protected]> >> > <mailto:martin%20feller%20%[email protected]%3e>> >> > *To*: Hoot Thompson<[email protected] <mailto:[email protected]> >> > <mailto:hoot%20thompson%20%[email protected]%3e>> >> > *Cc*:[email protected] <mailto:[email protected]> >> > <mailto:[email protected]> >> > *Subject*: Re: [gt-user] Stripe mode over multiple links between two >> > servers >> > *Date*: Fri, 27 Aug 2010 07:04:53 -0500 >> > >> > The CA itself should stay on one machine and should not be copied to >> > multiple nodes in a grid. It's probably only located on the first >> > machine in your case. >> > Does it work if you copy the host certificate request from the second >> > machine to the first machine, sign it there, and copy the generated >> > certificate back to the second machine, where the corresponding private >> > key of the host certificate lives? >> > >> > Martin >> > >> >> > > >
