[gt-user] Problem installing Globus toolkit 6.0: myproxy-get-trusroots fails

Thu, 22 Oct 2015 05:46:45 -0700 

Hi,
I'm trying to install gridFTP servers on two VMs to run a few tests, and am having some difficulty. 


 I'm following the instructions at 
http://toolkit.globus.org/toolkit/docs/latest-stable/admin/quickstart. 
Everything works fine in the first machine, I install the gridftp and 
myproxy servers, configure as per the documentation, and I can 
successfully create a certificate and perform a local copy.



 I then install my second machine, and try to get it to trust the 
first, using "myproxy-get-trustroots -b -s <hostname>". This fails with 
the following error:


[root@nemo centos]# myproxy-get-trustroots -b -s dory
Bootstrapping MyProxy server root of trust.

New trusted MyProxy server: 
/O=Grid/OU=GlobusTest/OU=simpleCA-dory.novalocal/CN=dory.novalocal
New trusted CA (82dd5dde.0): 
/O=Grid/OU=GlobusTest/OU=simpleCA-dory.novalocal/CN=Globus Simple CA

Error authenticating: GSS Major Status: Authentication Failed
GSS Minor Status Error Chain:
globus_gss_assist: Error during context initialization
globus_gsi_gssapi: Unable to verify remote side's credentials
globus_gsi_gssapi: SSLv3 handshake problems: Couldn't do ssl handshake

OpenSSL Error: s3_pkt.c:1259: in library: SSL routines, function 
SSL3_READ_BYTES: tlsv1 alert unknown ca SSL alert number 48


 This is running as root on a CentOS 7 image.


 If I run as a normal user, I can persuade things to progress, but even 
there it's flaky:


[centos@nemo ~]$ myproxy-get-trustroots -b -s dory
Server authorization failed.  Server identity
(/O=Grid/OU=GlobusTest/OU=simpleCA-dory.novalocal/CN=dory.novalocal)
does not match expected identities
`?' or `?'.
If the server identity is acceptable, set
MYPROXY_SERVER_DN="/O=Grid/OU=GlobusTest/OU=simpleCA-dory.novalocal/CN=dory.novalocal"
and try again.

 OK, so I set MYPROXY_SERVER_DN and try again:


[centos@nemo ~]$ export 
MYPROXY_SERVER_DN="/O=Grid/OU=GlobusTest/OU=simpleCA-dory.novalocal/CN=dory.novalocal"

[centos@nemo ~]$ myproxy-get-trustroots -b -s dory
Trust roots have been installed in /home/centos/.globus/certificates/.


 So something is working, but it's not working as it should, according 
to the documentation.


 Any suggestions or advice, anyone?

 Thanks in advance.

 Cheers,
 Tony.














    











					Reply via email to