Tony Wildish
2015-10-22 12:44:44 UTC
Hi,
I'm trying to install gridFTP servers on two VMs to run a few tests,
and am having some difficulty.
I'm following the instructions at
http://toolkit.globus.org/toolkit/docs/latest-stable/admin/quickstart.
Everything works fine in the first machine, I install the gridftp and
myproxy servers, configure as per the documentation, and I can
successfully create a certificate and perform a local copy.
I then install my second machine, and try to get it to trust the
first, using "myproxy-get-trustroots -b -s <hostname>". This fails with
the following error:
[***@nemo centos]# myproxy-get-trustroots -b -s dory
Bootstrapping MyProxy server root of trust.
New trusted MyProxy server:
/O=Grid/OU=GlobusTest/OU=simpleCA-dory.novalocal/CN=dory.novalocal
New trusted CA (82dd5dde.0):
/O=Grid/OU=GlobusTest/OU=simpleCA-dory.novalocal/CN=Globus Simple CA
Error authenticating: GSS Major Status: Authentication Failed
GSS Minor Status Error Chain:
globus_gss_assist: Error during context initialization
globus_gsi_gssapi: Unable to verify remote side's credentials
globus_gsi_gssapi: SSLv3 handshake problems: Couldn't do ssl handshake
OpenSSL Error: s3_pkt.c:1259: in library: SSL routines, function
SSL3_READ_BYTES: tlsv1 alert unknown ca SSL alert number 48
This is running as root on a CentOS 7 image.
If I run as a normal user, I can persuade things to progress, but even
there it's flaky:
[***@nemo ~]$ myproxy-get-trustroots -b -s dory
Server authorization failed. Server identity
(/O=Grid/OU=GlobusTest/OU=simpleCA-dory.novalocal/CN=dory.novalocal)
does not match expected identities
`?' or `?'.
If the server identity is acceptable, set
MYPROXY_SERVER_DN="/O=Grid/OU=GlobusTest/OU=simpleCA-dory.novalocal/CN=dory.novalocal"
and try again.
OK, so I set MYPROXY_SERVER_DN and try again:
[***@nemo ~]$ export
MYPROXY_SERVER_DN="/O=Grid/OU=GlobusTest/OU=simpleCA-dory.novalocal/CN=dory.novalocal"
[***@nemo ~]$ myproxy-get-trustroots -b -s dory
Trust roots have been installed in /home/centos/.globus/certificates/.
So something is working, but it's not working as it should, according
to the documentation.
Any suggestions or advice, anyone?
Thanks in advance.
Cheers,
Tony.
I'm trying to install gridFTP servers on two VMs to run a few tests,
and am having some difficulty.
I'm following the instructions at
http://toolkit.globus.org/toolkit/docs/latest-stable/admin/quickstart.
Everything works fine in the first machine, I install the gridftp and
myproxy servers, configure as per the documentation, and I can
successfully create a certificate and perform a local copy.
I then install my second machine, and try to get it to trust the
first, using "myproxy-get-trustroots -b -s <hostname>". This fails with
the following error:
[***@nemo centos]# myproxy-get-trustroots -b -s dory
Bootstrapping MyProxy server root of trust.
New trusted MyProxy server:
/O=Grid/OU=GlobusTest/OU=simpleCA-dory.novalocal/CN=dory.novalocal
New trusted CA (82dd5dde.0):
/O=Grid/OU=GlobusTest/OU=simpleCA-dory.novalocal/CN=Globus Simple CA
Error authenticating: GSS Major Status: Authentication Failed
GSS Minor Status Error Chain:
globus_gss_assist: Error during context initialization
globus_gsi_gssapi: Unable to verify remote side's credentials
globus_gsi_gssapi: SSLv3 handshake problems: Couldn't do ssl handshake
OpenSSL Error: s3_pkt.c:1259: in library: SSL routines, function
SSL3_READ_BYTES: tlsv1 alert unknown ca SSL alert number 48
This is running as root on a CentOS 7 image.
If I run as a normal user, I can persuade things to progress, but even
there it's flaky:
[***@nemo ~]$ myproxy-get-trustroots -b -s dory
Server authorization failed. Server identity
(/O=Grid/OU=GlobusTest/OU=simpleCA-dory.novalocal/CN=dory.novalocal)
does not match expected identities
`?' or `?'.
If the server identity is acceptable, set
MYPROXY_SERVER_DN="/O=Grid/OU=GlobusTest/OU=simpleCA-dory.novalocal/CN=dory.novalocal"
and try again.
OK, so I set MYPROXY_SERVER_DN and try again:
[***@nemo ~]$ export
MYPROXY_SERVER_DN="/O=Grid/OU=GlobusTest/OU=simpleCA-dory.novalocal/CN=dory.novalocal"
[***@nemo ~]$ myproxy-get-trustroots -b -s dory
Trust roots have been installed in /home/centos/.globus/certificates/.
So something is working, but it's not working as it should, according
to the documentation.
Any suggestions or advice, anyone?
Thanks in advance.
Cheers,
Tony.