On 9/12/11 3:22 AM, Amitav Mohanty wrote:
On 09/12/2011 03:44 AM, Lukasz Lacinski wrote:
Hi Amitav,
What does the command $GLOBUS_LOCATION/bin/globus-hostname return? Is
it a hostname or a fully qualified domain name (FQDN)?
My guess is that you need to correct /etc/hosts. Please, look at the
manual about a format of the file.
Please, use the mailing list 'gt-user' instead of the 'gt-dev' that
is for Globus Toolkit developers.
Regards,
Lukasz
On 9/11/11 3:48 PM, Amitav Mohanty wrote:
Hello
While using perl gt-server-ca.pl <http://gt-server-ca.pl> -y as root
I am unable to generate the certifiactes. In the log, I found the
following line:
The hostname shelby-500 does not appear to be fully qualified.
Please advise on what is causing this error and how I can resolve it.
Regards
Amitav
Hello
You were right. I was working on an Ubuntu system. I did not know they
did not provide FQDN by default. Also, they define multiple localhost
IPs as follows:
127.0.0.1 localhost
127.0.1.1 Shelby-500
I am running xinetd successfully and getting gsiftp and myproxy
services. However, I am unable to login using myproxy-logon -s.
chini@Shelby-500:~$ ls /etc/grid-security/certificates/
583da668.0 globus-user-ssl.conf.583da668
583da668.signing_policy grid-security.conf.583da668
globus-host-ssl.conf.583da668
chini@Shelby-500:~$ myproxy-logon -s Shelby-500
Error authenticating: GSS Major Status: Authentication Failed
GSS Minor Status Error Chain:
globus_gss_assist: Error during context initialization
OpenSSL Error: s3_clnt.c:985: in library: SSL routines, function
SSL3_GET_SERVER_CERTIFICATE: certificate verify failed
globus_gsi_callback_module: Could not verify credential
globus_gsi_callback_module: Can't get the local trusted CA certificate: Cannot
find trusted CA certificate with hash 85856cce in
/etc/grid-security/certificates
It looks like a host certificate (/etc/grid-security/hostcert.pem) used
by the MyProxy server on Shelby-500 is signed by a different CA (the
hash 85856cce) than that one with a root certificate
/etc/grid-security/certificates/583da668.0.
What do the following commands say:
$ openssl verify -CApath /etc/grid-security/certificates
/etc/grid-security/hostcert.pem
$ openssl x509 -noout -issuer -in /etc/grid-security/hostcert.pem
$ openssl x509 -noout -subject -in
/etc/grid-security/certificates/583da668.0
-Lukasz
The error messages in /var/log/syslog are as follows:
Sep 12 13:47:42 Shelby-500 myproxy-server[6126]: myproxy-server v5.4 22 Apr
2011 OCSP starting at Mon Sep 12 13:47:42 2011
Sep 12 13:47:42 Shelby-500 myproxy-server[6126]: reading configuration file
/etc/myproxy-server.config
Sep 12 13:47:42 Shelby-500 myproxy-server[6126]: Processing usage_stats_target
(usage-stats.cilogon.org:4810)
Sep 12 13:47:43 Shelby-500 myproxy-server[6126]: USAGE-STATS: Initialized
(usage-stats.cilogon.org:4810) (VvtrlLB)
Sep 12 13:47:43 Shelby-500 myproxy-server[6126]: using storage directory
/var/myproxy
Sep 12 13:47:43 Shelby-500 myproxy-server[6126]: Connection from 127.0.0.1
Sep 12 13:47:43 Shelby-500 myproxy-server[6126]: Error authenticating client:
Connection closed.
Sep 12 13:47:43 Shelby-500 myproxy-server[6126]: Failure: error in
myproxy_send()
I have an edited hosts file which looks like the following:
127.0.1.1 Shelby-500.chini Shelby-500
Regards
Amitav
