Hello David et al,
The documentation for the UK e-Science CA has now been split into two parts,
one for using I.E and the other for Netscape with links for both at:
http://www.grid-support.ac.uk/ca/newcert.htm
This documentation can be accessed in either PDF or HTML format. This has
easily accessable instance of the commands needed for certificate conversion
etc.
Regards
David Wallom
-----Original Message-----
From: D.Kant [mailto:[log in to unmask]]
Sent: 06 October 2003 11:34
To: [log in to unmask]
Subject: Re: globus-gatekeeper
Thanks Steve,
[root@ce01 grid-security]# /sbin/service globus-gatekeeper start
Starting edg-gatekeeper: [ OK ]
D.
On Mon, 6 Oct 2003, Steve Traylen wrote:
> Hi Dave,
>
> It seems the page that used to describe the conversion
> on the e science website has vanished....
>
> No it has moved here
> http://www.grid-support.ac.uk/ca/useful.htm
>
> It suggests
>
> openssl pkcs12 -in mykey.p12 -clcerts -nokeys -out usercert.pem
> openssl pkcs12 -in mykey.p12 -nocerts -out userkey.pem
>
> which for a hostcert translates to .
>
> openssl pkcs12 -in mykey.p12 -clcerts -nokeys -out hostcert.pem
> openssl pkcs12 -nodes -in mykey.p12 -nocerts -out hostkey.pem
> chmod 400 hostkey.pem
>
> Note the extra -nodes (no des) which allows to you to create
> the key with a pass phrase.
>
>
> Steve
>
>
>
>
>
> On Mon, 6 Oct 2003, D.Kant wrote:
>
> > Hi Everyone,
> >
> > I'm having trouble starting globus-gatekeeper.
> >
> > This is what I've done...
> >
> > I've placed my hostcert.pem and hostkey.pem files into
> > CE:/etc/grid-security directory and checked that /etc/globus.conf
> > is looking in the right place for the certificates:
> >
> > x509_user_cert=/etc/grid-security/hostcert.pem
> > x509_user_key=/etc/grid-security/hostkey.pem
> >
> > The e-Science host certificate (pkcs12) was converted using
> >
> > openssl pkcs12 -in myhost.p12 -out myhost.pem
> >
> > And myhost.pem contains the public/private keys for the host
> > and the CA public key; this file was split up into three
> > seperate pieces (hostcert.pem, hostkey.pem etc)
> >
> > The UK e-Science CA rpm is installed on the CE.
(ca_UKeScience-0.18-1.rpm)
> >
> > Any help here would be much appreciated.
> >
> > Dave.
> >
> > [root@ce01 grid-security]# /sbin/service globus-gatekeeper start
> > Starting edg-gatekeeper:GSS failed getting server credentials:
> > GSS Major Status: General failure
> > GSS Minor Status Error Chain:
> >
> > acquire_cred.c:125: gss_acquire_cred: Error with GSI credential
> > globus_i_gsi_gss_utils.c:1298: globus_i_gsi_gss_cred_read: Error with
gss
> > credential handle
> > globus_gsi_credential.c:482: globus_gsi_cred_read: Error reading host
> > credential
> > globus_gsi_credential.c:1092: globus_gsi_cred_read_key: Error reading
user
> > credential: Can't read credential's private key from PEM
> > OpenSSL Error: pem_lib.c:434: in library: PEM routines, function
> > PEM_do_header: bad password read
> > OpenSSL Error: pem_lib.c:666: in library: PEM routines, function
> > PEM_read_bio: no start lineFailure: GSS failed to get server credentials
> >
>
> --
> Steve Traylen
> [log in to unmask]
> http://www.gridpp.ac.uk/
>
--
--------------------------------------------------------------
Department of Physics | Dr Dave Kant
Queen Mary College | TEL/FaX: +44 (0)20 7882 5054
Mile End Road London E1 4NS | e-mail : [log in to unmask]
--------------------------------------------------------------
|