Hi,
The rpm installed should be ca_GridPP-local-0.8-1. Unfortunately the
LCFG default config file *is* v 0.12, which I have never got to work!
(The file /opt/local/linux/6.2/rpmcfg/security-rpm.h needs changing.)
Completely removing v 0.12 then installing 0.8 (try getting a new one
from your LCFG server repository under RPMS/security if the one from the
website appears corrupted) followed by some configuration, would be
necessary.
However, everyone should now start applying for certificates from the
new UK e-science CA, as the UKHEP CA is going to be phased out. A list
of Regional Authorities for issuing UK e-science CA certificates is
given on:
http://www.grid-support.ac.uk/ca/ca.htm
There is an RA for UCL, with the names Mr Andrew Dawson, Mr Brian
Alston, Mr Henry Tillotson given as contacts.
The UK e-science CA certificates have been accepted by the Datagrid, and
I understand the security rpms will be deployed on the application
testbed in release 1.4.12, which should happen later this week.
If anyone is from an institute that does not have an RA for issuing
certificates set up already should:
(a) contact the e-science CA via the webpage above, and arrange to set
up a local RA as soon as possible;
then (b) if UKHEP certificates are needed in the meantime, make sure v
0.8 is installed and edit 1 or 2 files in /etc/grid-security
so that the correct "/O=Grid/O=UKHEP/OU=<your domain name>/" structure
comes into your certificates. I think something like this should work:
globus-host-ssl.conf:
[ req_distinguished_name ]
# BEGIN CONFIG
0.organizationName = Level 0 Organization
0.organizationName_default = Grid
1.organizationName = Level 1 Organization
1.organizationName_default = UKHEP
commonName = Name (e.g., John M. Smith)
commonName_max = 64
# END CONFIG
globus-user-ssl.conf:
[ req_distinguished_name ]
# BEGIN CONFIG
0.organizationName = Level 0 Organization
0.organizationName_default = Grid
1.organizationName = Level 1 Organization
1.organizationName_default = UKHEP
0.organizationalUnitName = Level 0 Organizational Unit
0.organizationalUnitName_default = <your domain name here>
commonName = Name (e.g., John M. Smith)
commonName_max = 64
# END CONFIG
cheers,
Owen.
Ben Waugh wrote:
> Can anyone help me out with some problems getting grid-cert-request to
> work on our (LCFG-installed) User Interface machine?
>
> Running "grid-cert-request" results in the following messages:
>
> /opt/globus/bin/grid-cert-request: /etc/grid-security/grid-security.conf:
> No such file or directory
>
> The Globus Configuration files have not been setup.
> Please have the local Globus Administrator run
> "/opt/globus/sbin/grid-security-config"
> to configure Globus at your site.
>
> Neither of the files mentioned exists, and I can't work out where to get
> them from. The web page <http://www.gridpp.ac.uk/ca/caconfigv2.html>
> (which I found through Google) gives instructions for editing an existing
> default config file, but I don't have that to start with.
>
> The same page also suggests installing <ca_GridPP-local-0.8-1.noarch.rpm>
> instead of editing the config files, but the linked file does not appear
> to be a valid RPM:-
>
> [root@pc23 /root]# rpm -qlp ca_GridPP-local-0.8-1.noarch.rpm
> ca_GridPP-local-0.8-1.noarch.rpm does not appear to be a RPM package
> query of ca_GridPP-local-0.8-1.noarch.rpm failed
>
> I already have the RPM package ca_GridPP-0.12-1 installed, but this does
> not include the .conf file.
>
> So what should I do? Have I missed a step somewhere in following the
> EDG/GridPP installation instructions?
>
> Cheers,
>
> Ben
>
> --
> Dr Ben Waugh Tel. +44 (0)20 7679 3783
> Dept of Physics and Astronomy Internal: 33783
> University College London
> London WC1E 6BT
--
#########################################
Dr O J E Maroney [log in to unmask]
Research Associate in eScience
HH Wills Physics Laboratory
University of Bristol
Tyndall Avenue, Bristol, BS8 1TL
Tel. 0117 928 8769
|