1. I created a new signing policy based on the data obtained from the following commands:
openssl x509 -subject -in [issuer_hash].0
openssl x509 -subject -in usercert.pem
2. I modified the CDC user cert based on the certs found in the staging node.
openssl x509 -text -in usercert.bak -out usercert.pem
3. I deleted the cert hash.0 and signing policy from /etc/grid-security/certificates and replaced it with [issuer_hash].0
Results:
Grid-proxy-init with no options seems to create a verifiable proxy with the CDC certificate:
forrest@Bubba-Gump:~> grid-proxy-init
Your identity: DATA REMOVED-BY-DAN
Creating proxy ........................................... Done
Your proxy is valid until: Fri Sep 12 04:22:07 2008
forrest@Bubba-Gump:~>
forrest@Bubba-Gump01:~> grid-proxy-info
subject : DATA REMOVED-BY-DAN
issuer : DATA REMOVED-BY-DAN
identity : DATA REMOVED-BY-DAN
type : Proxy draft (pre-RFC) compliant impersonation proxy
strength : 512 bits
path : /tmp/x509up_u1003
timeleft : 11:58:51
Testing via GridFTP, Globus seems to use the wrong cert hash and signing policy to verify user proxy.
Error checking certificate with subject DATA REMOVED-BY-DAN Against signing policy file /opt/vdt/globus/TRUSTED_CA/[wrong_hash_number].signing_policy
530 End.
I need to figure out why it is using the wrong hash file.
Thursday, September 11, 2008
Subscribe to:
Post Comments (Atom)
Posts
No comments:
Post a Comment