No i just have the first machin yet , and about "globus_simple_ca_*.tar.gz" , i
have it , but how should i install it ?and may you please explain more about
your last statement?, i mean (When you created the CA (if you did so as the
globus user) you should
have a tarball in ~globus/simpleCA/globus_simple_ca_*.tar.gz
You'll
need to install the .0 and .signing_policy files from that tarball in
/etc/grid-security/certificates.), and abour another machin ? and should i
verify my CA after install the tarball?
Nadia
________________________________
From: Joseph Bester <[email protected]>
To: Nadia Aidan <[email protected]>
Cc: "[email protected]" <[email protected]>
Sent: Monday, October 29, 2012 4:42 PM
Subject: Re: [gt-user] Verify the SimpleCA
Are you running this on a different machine than you created the CA on? If so,
you'll need to copy the CA data from the machine you created the CA on to the
new machine you are using with your user certificate. When you created the CA
(if you did so as the globus user) you should have a tarball in
~globus/simpleCA/globus_simple_ca_*.tar.gz
You'll need to install the .0 and .signing_policy files from that tarball in
/etc/grid-security/certificates.
Joe
On Oct 27, 2012, at 5:26 PM, Nadia Aidan <[email protected]> wrote:
> Hi all
> for verify simple CA after run : " user$ grid-proxy -init -debug -verify "
> i got this ERROR :
> "
> User Cert File: /home/nadia/.globus/usercert.pem
> User Key File: /home/nadia/.globus/userkey.pem
>
> Trusted CA Cert Dir: /home/nadia/.globus/certificates
>
> Output File: /tmp/x509up_u1000
> Your identity:
> /O=Grid/OU=GlobusTest/OU=simpleCA-nadia-laptop/OU=local/CN=nadia
> Enter GRID pass phrase for this identity:
> Creating proxy ......++++++++++++
> .++++++++++++
> Done
> Error: Couldn't verify the authenticity of the user's credential to generate
> a proxy from.
> grid_proxy_init.c:971: globus_credential: Error verifying credential:
>Failed to verify credential
> globus_gsi_callback_module: Could not verify credential
> globus_gsi_callback_module: Can't get the local trusted CA certificate:
> Cannot find trusted CA certificate with hash d45fffae in
> /home/nadia/.globus/certificates
> "
> and with " gtuser$ grid-cert-diagnostics " the answer is :
> "
> Checking Environment Variables
> ==============================
> Checking if HOME is set... /home/nadia
> Checking if GLOBUS_LOCATION is set... no
> Checking for default GLOBUS_LOCATION... /usr
> Checking if X509_CERT_DIR is set... no
> Checking if X509_USER_CERT is set... no
> Checking if X509_USER_KEY is set... no
> Checking if X509_USER_PROXY is set... no
> Checking if GRIDMAP is set... no
>
> Checking Security Directories
> =======================
> Determining trusted cert path... /home/nadia/.globus/certificates
> Checking for cog.properties... not found
> Checking for default gridmap location... /home/nadia/.gridmap
> Checking if default gridmap exists... failed
> globus_sysconfig: File does not exist: /home/nadia/.gridmap is not a
>valid file
>
>
> Checking trusted certificates...
> ================================
> Getting trusted certificate list...
> nadia@nadia-laptop:~$ grid-default-ca
>
> There does not appear to be a valid CA
> located in any of the following directories:
>
>
> To specify a different location where the grid security
> configuration files were installed, set the X509_CERT_DIR
> set the GRID_SECURITY_DIR environment variables.
> "
> what should i do ?
>
> Thanks of All,
> Nadia
