There's also a tool in GT called globus-update-certificate-dir which will create links to the certificates and other policy files with the new hashes.
Joe On Oct 18, 2011, at 6:05 AM, Lukasz Lacinski wrote: > Hi Adrian, > > OpenSSL >1.0.0 provides a tool called c_rehash to fix your problem > http://www.cilogon.org/openssl1#TOC-c_rehash. You can also play manually with > the command > openssl x509 -noout -subject_hash_old -in <certfile.pem> > > -Lukasz > > On 10/18/11 4:33 AM, Adrian T. Bienkowski wrote: >> Hi, >> >> I have setup two machine using GT5.0.2 and GT5.0.4. These machines run >> different OS, Redhat and Fedora, and therefore different openssl version. >> >> When I follow the instruction to setup second machine, my job submission >> does not work from one machine to the other. I believe this is due to the >> fact that on the CA host machine the command >> >> machine1$ >> openssl x509 -hash -noout < >> /etc/grid-security/certificates/ >> 3c4aec10.0 >> 3c4aec10 >> >> >> >> >> >> ie. returns the correct hash, however the second machine return a different >> hash. >> >> machine2$ >> openssl x509 -hash -noout < >> /etc/grid-security/certificates/ >> 3c4aec10.0 >> 225aec88 >> >> >> >> >> How do >> you deal with this issue of heterogeneous >> environment? >> >> >> >> >> Regards, >> Adrian >> Bienkowski >> >
