On Apr 14, 2012, at 10:20 AM, Hameed Alzahrani wrote: > Hi, > > I have a cluster which I installed globus toolkit 4.2.0 on it and I have > another external machine where I use VDT. I configured globus on the cluster > head node and sign a certificate for the user in the external machine but I > got the following errors. > > ERROR: Couldn't verify the authenticity of the user's credential to generate > a proxy from. > > > [VDT@ext .globus]$ grid-proxy-init -verify -debug > > User Cert File: /home/VDT/.globus/usercert.pem > User Key File: /home/VDT/.globus/userkey.pem > > Trusted CA Cert Dir: /opt/vdt/globus/TRUSTED_CA > > Output File: /tmp/x509up_u503 > Your identity: > /O=Grid/OU=GlobusTest/OU=simpleCA-head.beng03/OU=beng03/CN=bandar > Enter GRID pass phrase for this identity: > Creating proxy ..++++++++++++ > ...................++++++++++++ > Done > > > ERROR: Couldn't verify the authenticity of the user's credential to generate > a proxy from. > > grid_proxy_init.c:1079:globus_gsi_cred_handle.c:globus_gsi_cred_verify_cert_chain:1753: > Error verifying credential: Failed to verify credential > globus_gsi_callback.c:globus_i_gsi_callback_create_proxy_callback:458: > Could not verify credential > globus_gsi_callback.c:globus_i_gsi_callback_cred_verify:868: > Could not verify credential > globus_gsi_callback.c:globus_i_gsi_callback_check_signing_policy:1252: > Error with signing policy > globus_gsi_callback.c:globus_i_gsi_callback_check_gaa_auth:1460: > Error in OLD GAA code: CA policy violation: <no reason given> >
I guess check the signing policy file for syntax errors or mismatch with the certificate DN. You might be able to use the grid-cert-diagnostics tool if it's in 4.2.0. Joe
