Thanks for your reply, What i did is now that i copied usercert.pem from
globus (user) to kasim (user) and gave the command , then the following
error occurred.*
**
Command:grid-proxy-init -verify -debug
User Cert File: /home/kasim/.globus/usercert.pem
User Key File: /home/kasim/.globus/userkey.pem
Trusted CA Cert Dir: /etc/grid-security/certificates
Output File: /tmp/x509up_u1000
Your identity: /O=Grid/OU=GlobusTest/OU=simpleCA-kasim-laptop/CN=kasim
Enter GRID pass phrase for this identity:
Creating proxy ..++++++++++++
...............++++++++++++
Done
Error: Couldn't verify the authenticity of the user's credential to generate
a proxy from.
grid_proxy_init.c:971: globus_credential: Error verifying credential:
Failed to verify credential
globus_gsi_callback_module: Could not verify credential
globus_gsi_callback_module: Could not verify credential: certificate
signature failure
OpenSSL Error: a_verify.c:173: in library: asn1 encoding routines, function
ASN1_item_verify: EVP lib
OpenSSL Error: rsa_eay.c:697: in library: rsa routines, function
RSA_EAY_PUBLIC_DECRYPT: padding check failed
OpenSSL Error: rsa_pk1.c:100: in library: rsa routines, function
RSA_padding_check_PKCS1_type_1: block type is not 01*
Then I checked hostcert and hostkey (following is the output and command),
they were correct.
*
grid-proxy-init -debug -verify \-cert /etc/grid-security/hostcert.pem \-key
/etc/grid-security/hostkey.pem
User Cert File: /etc/grid-security/hostcert.pem
User Key File: /etc/grid-security/hostkey.pem
Trusted CA Cert Dir: /etc/grid-security/certificates
Output File: /tmp/x509up_u0
Your identity:
/O=Grid/OU=GlobusTest/OU=simpleCA-kasim-laptop/CN=host/kasim-laptop
Creating proxy ...++++++++++++
...++++++++++++
Done
Proxy Verify OK
Your proxy is valid until: Wed Jan 26 09:26:35 2011
*//////////
then i copied /etc/grid-security/certificates to kasim (user), the following
error occurred.
*
grid-proxy-init -verify -debug
User Cert File: /home/kasim/.globus/usercert.pem
User Key File: /home/kasim/.globus/userkey.pem
Trusted CA Cert Dir: /home/kasim/.globus/certificates
Output File: /tmp/x509up_u1000
Your identity: /O=Grid/OU=GlobusTest/OU=simpleCA-kasim-laptop/CN=kasim
Enter GRID pass phrase for this identity:
Creating proxy ...++++++++++++
.++++++++++++
Done
Error: Couldn't verify the authenticity of the user's credential to generate
a proxy from.
grid_proxy_init.c:971: globus_credential: Error verifying credential:
Failed to verify credential
globus_gsi_callback_module: Could not verify credential
globus_gsi_callback_module: Could not verify credential: certificate
signature failure
OpenSSL Error: a_verify.c:173: in library: asn1 encoding routines, function
ASN1_item_verify: EVP lib
OpenSSL Error: rsa_eay.c:697: in library: rsa routines, function
RSA_EAY_PUBLIC_DECRYPT: padding check failed
OpenSSL Error: rsa_pk1.c:100: in library: rsa routines, function
RSA_padding_check_PKCS1_type_1: block type is not 01
*I am naive to globus and Linux, can you explain a little bit .p12 file and
its purpose.
Please Help.
Regards
Kaasim Saeed.
On Tue, Jan 25, 2011 at 9:48 PM, Muhammad Junaid <[email protected]>wrote:
> Dear kasim,
>
> You should check if the file usercert.pem has size zero. i think you create
> usercert.pem from a .p12 file. check the openssl command that u have used to
> create this usercert.pem file.
> file should not be zero size.
>
> Junaid
>
> kasim saeed wrote:
>
>> Thanks a lot for your help,it is your help due to which i am moving
>> forward. Now when i gave the following command
>>
>> _*
>> grid-proxy-init -verify -debug*_
>>
>> The following error occurred.
>> Error: Couldn't find valid credentials to generate a proxy.
>> grid_proxy_init.c:549: globus_sysconfig: Error with certificate
>> filename
>> globus_sysconfig: Error with certificate filename
>> globus_sysconfig: File has zero length: File:
>> /home/kasim/.globus/usercert.pem
>>
>> Please Help.
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> Regards
>> Kaasim Saeed.
>>
>>
>> On Tue, Jan 25, 2011 at 7:16 PM, Lukasz Lacinski
>> <[email protected]<mailto:
>> [email protected]>> wrote:
>>
>> Users to get access to a grid service/resource use their
>> certificates to authenticate themselves. A subject (distinguish
>> name) of a user certificate is a part of the certificate saying
>> about the identity of the user. Users on a computer systems are
>> identified by their usernames. The file
>> /etc/grid-security/grid-mapfile is used to map user certificates
>> (DNs - Distinguish Names) to user names (accounts) on a machine
>> with a grid service. If you want to use your certificate to get
>> access to a chosen user account on a remote machine with a grid
>> service you have to add the following mapping
>>
>> "DN_from_your_certificate"
>> a_user_name_you_want_to_use_on_the_remote_machine
>>
>> to /etc/grid-security/grid-mapfile on the remote machine. To do
>> that you can use a text editor and edit grid-mapfile or
>> accordingly to the documentation
>>
>> http://www.globus.org/toolkit/docs/5.0/5.0.2/admin/install/#gtadmin-basic-gridmap
>> ,
>> you can use the command grid-mapfile-add-entry.
>>
>> Lukasz
>>
>>
>>
>> On 1/25/11 7:18 AM, kasim saeed wrote:
>>
>>> Hi
>>> I don`t have words to appreciate the help you have provided so
>>> far, I need little help more. Now that the certificate has been
>>> signed. When I gave the following command ,
>>>
>>> **|vim /etc/grid-security/grid-mapfile|**
>>>
>>>
>>>
>>> it opens the editor and I really don`t know what to do after
>>> that, Because in the quick guide ( _*
>>> http://www.globus.org/toolkit/docs/4.0/admin/docbook/quickstart.html#q-vo*_
>>> ) nothing is given about that, in fact it says do the following
>>> command
>>> *|cat /etc/grid-security/grid-mapfile|*
>>> after that.
>>>
>>> *||*
>>>
>>>
>>>
>>>
>>> Please Help.
>>>
>>>
>>>
>>> Regards
>>> Kaasim Saeed.
>>>
>>>
>>> On Sun, Jan 23, 2011 at 5:22 PM, Lukasz Lacinski
>>> <[email protected] <mailto:[email protected]>> wrote:
>>>
>>> On 1/23/11 3:03 AM, kasim saeed wrote:
>>>
>>>> **|Thanks .
>>>> |**I gave the following commands for grid-cert-request,
>>>> **|
>>>>
>>>>
>>>> export GLOBUS_LOCATION=/usr/local/globus
>>>> |*||*|source $GLOBUS_LOCATION/etc/globus-user-env.csh|*
>>>> ||*|grid-cert-request|**
>>>> They ran sucessfully , the only difference is that i ran
>>>> ****|source $GLOBUS_LOCATION/etc/globus-user-env.sh|****
>>>> instead of .*csh*,
>>>>
>>>> if I gave this command with *.csh* then it says,
>>>>
>>>> bash: /usr/local/globus//etc/globus-user-env.csh: line 167:
>>>> syntax error: unexpected end of file
>>>>
>>> The documentation
>>>
>>> http://www.globus.org/toolkit/docs/5.0/5.0.2/admin/install/#gtadmin-basic-environment
>>> says which script should be used when? .csh if you use C
>>> shell, .sh if you use sh (Bourne shell) or bash (Bourne again
>>> shell).
>>>
>>> so i ran with sh. I assume this should have requested grid-cert.
>>>>
>>> You can check it. According to the documentation
>>>
>>> http://www.globus.org/toolkit/docs/5.0/5.0.2/admin/install/#gtadmin-simpleca-usercert
>>> a request should be in $HOME/.globus/usercert_request.pem.
>>>
>>> Lukasz
>>>
>>>
>>>>
>>>>
>>>> On Sun, Jan 23, 2011 at 1:27 PM, Lukasz Lacinski
>>>> <[email protected] <mailto:[email protected]>> wrote:
>>>>
>>>> There is not the file request.pem you want to sign.
>>>> That's why you get the error. You need to generate a
>>>> certificate request (a user certificate request, I
>>>> guess) using the command grid-cert-request as a normal
>>>> user who wants a certificate. The copy the request
>>>> $HOME/.globus/usercert_request.pem to a different
>>>> directory accessible by an owner of your Globus
>>>> Certifcate Authority (globus or root). Then use
>>>> 'grid-ca-sign' to sign the request pointing it out (the
>>>> option -in) where it has been copied to.
>>>>
>>>>
>>>> http://www.globus.org/toolkit/docs/5.0/5.0.2/admin/install/#gtadmin-simpleca-usercert
>>>>
>>>> Lukasz
>>>>
>>>>
>>>> On 1/23/11 2:14 AM, kasim saeed wrote:
>>>>
>>>>> Thanks for your help.Following is the output of _*ls
>>>>> -l*_ command.
>>>>> *
>>>>> total 55396
>>>>>
>>>>> drwxr-xr-x 3 globus globus 4096 2011-01-23 00:44 BUILD
>>>>>
>>>>> -rw-r--r-- 1 globus globus 360 2011-01-23 00:44
>>>>> build.log
>>>>>
>>>>> -rw-r--r-- 1 globus globus 179 2011-01-22 21:51
>>>>> examples.desktop
>>>>>
>>>>> drwxr-xr-x 6 globus globus 4096 2011-01-22 22:01
>>>>> gt5.0.2-all-source-installer
>>>>>
>>>>> -rwxr-xr-x 1 root root 56704884 2011-01-22 21:54
>>>>> gt5.0.2-all-source-installer.tar.bz2
>>>>>
>>>>> -rw-r--r-- 1 globus globus 2670 2011-01-23 00:51
>>>>> hostsigned.pem*
>>>>>
>>>>> Regards
>>>>> Kaasim Saeed.
>>>>>
>>>>>
>>>>> On Sun, Jan 23, 2011 at 12:28 PM, Lukasz Lacinski
>>>>> <[email protected]
>>>>> <mailto:[email protected]>> wrote:
>>>>>
>>>>> Hi Kaasim,
>>>>>
>>>>> There is only one place in GT 5 (grid-ca-sign)
>>>>> where the output can be generated:
>>>>>
>>>>> if test ! -r ${INPUT_REQ_FILE}; then
>>>>> echo ""
>>>>> echo "ERROR: The file:
>>>>> ${INPUT_REQ_FILE} is not readable"
>>>>> echo ""
>>>>> exit 1
>>>>> fi
>>>>>
>>>>> Please, can you show output from the command ls -l,
>>>>> after you run the command
>>>>>
>>>>> # grid-ca-sign -in request.pem -out signed.pem
>>>>>
>>>>> Lukasz
>>>>>
>>>>>
>>>>> On 1/22/11 2:15 PM, kasim saeed wrote:
>>>>>
>>>>>> Hi all
>>>>>> I am new to Globus and installing it for academic
>>>>>> purposes.
>>>>>>
>>>>>> I am following globus 4.0 quick start (
>>>>>> _*
>>>>>> http://www.globus.org/toolkit/docs/4.0/admin/docbook/quickstart.html#q-vo
>>>>>> *_)
>>>>>>
>>>>>> GT version: GT 5
>>>>>> OS : Ubuntu 10.04
>>>>>>
>>>>>> Everything goes fine until i gave the following
>>>>>> command
>>>>>> _*|grid-ca-sign -in request.pem -out signed.pem|*_
>>>>>>
>>>>>>
>>>>>>
>>>>>> _ERROR: The file: request.pem is not readable_
>>>>>> I have checked all
>>>>>> the permissions, they are rite,
>>>>>> further i tried to run this command as root, but
>>>>>> still the same error.
>>>>>>
>>>>>> Please Help.
>>>>>>
>>>>>> Regards
>>>>>> Kaasim Saeed.
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
