Hi Jean-Bernard,
Can you do a
voms-proxy-init -debug -voms .......
and post the output? It should list which voms directories it is using,
e.g. on my SL3 UI:
# voms-proxy-init -debug -voms tutor
Detected Globus version: 22
Unspecified proxy version, settling on Globus version: 2
Number of bits in key :512
>>>>> Using configuration file /home/ui_users/janjust/.glite/vomses
>>>>> Using configuration file /opt/glite/etc/vomses
Files being used:
CA certificate file: none
>>>>> Trusted certificates directory : /etc/grid-security/certificates
Proxy certificate file : /tmp/x509up_u99999039
User certificate file: /home/ui_users/janjust/.globus/usercert.pem
User key file: /home/ui_users/janjust/.globus/userkey.pem
Output to /tmp/x509up_u99999039
Enter GRID pass phrase:
Your identity: /O=dutchgrid/O=users/O=nikhef/CN=Jan Just Keijser
>>>>> Using configuration file /home/ui_users/janjust/.glite/vomses
>>>>> Cannot find file or dir: /home/ui_users/janjust/.glite/vomses
>>>>> Using configuration file /opt/glite/etc/vomses
.....
cheers,
Jan Just Keijser
System Integrator
Nikhef Amsterdam
FAVREAU Jean-Bernard wrote:
> Hello Jan,
>
> On this new UI, I do have the VOMS server certificate installed:
>
> [root@ui2 ~]# ls -l /etc/grid-security/vomsdir
> -rw-r--r-- 1 root root 3517 Jan 11 2007 voms.beingrid.fr.cgg.com.1
>
> [root@ui2 ~]# openssl x509 -in
> /etc/grid-security/vomsdir/voms.beingrid.fr.cgg.com.1 -dates -issuer
> -noout -subject
> notBefore=Nov 7 13:15:56 2006 GMT
> notAfter=Nov 6 13:15:56 2011 GMT
> issuer= /C=FR/ST=Essonne/L=Massy/O=CGG/OU=IRD/CN=CGG
> [log in to unmask]
> subject=
> /C=FR/L=Massy/O=CGG/OU=IRD/CN=voms.beingrid.fr.cgg.com/emailAddress=voms.fr.cgg.com
>
>
> The output difference is about the e-mail field for issuer and
> subject: the "Email=" before in openssl SL3/glite 3.0
> is now "emailAddress=" in openssl of SL4.4/gLite 3.1
>
> J.B
>
> Jan Just Keijser wrote:
>> Hi Jean-Bernard,
>>
>> I just ran into a very similar issue: the last line
>>
>> [favreau@ui2 favreau]$ voms-proxy-init -voms egeode
>> Enter GRID pass phrase:
>> Your identity: /C=FR/ST=Essonne/L=Massy/O=CGG/OU=IRD/CN=Jean-Bernard
>> [log in to unmask]
>> Cannot find file or dir: /home/favreau/.glite/vomses
>>
>> suggests that you have not installed the voms server cert in
>> /etc/grid-security/vomsdir at all (as your other openssl lines also
>> suggest); please install this cert (e.g. copy it over from your SL3
>> UI) and try again.
>>
>>
>> HTH,
>>
>> Jan Just Keijser
>> System Integrator
>> Nikhef Amsterdam
>>
>> FAVREAU Jean-Bernard wrote:
>>> Hi Maarten and Michel,
>>>
>>> Yes, CRL is up to date, CAs installed and host cert of
>>> voms.beingrid.fr.cgg.com installed and are exactly the same as the
>>> working UI.
>>> Like Michel said, I also think that there is a problem with the
>>> server certificate, but I have difficulty figuring out what it is.
>>> To help you I've found that the output of openssl command line to
>>> query the subject of the certificate is not the same on both UI
>>>
>>> --> on the working UI 3.0/SL3 it is:
>>>
>>> [favreau@ui1 JDL]$ openssl x509 -in
>>> /etc/grid-security/vomsdir/voms.beingrid.fr.cgg.com.1 -dates -issuer
>>> -noout -subject
>>> notBefore=Nov 7 13:15:56 2006 GMT
>>> notAfter=Nov 6 13:15:56 2011 GMT
>>> issuer= /C=FR/ST=Essonne/L=Massy/O=CGG/OU=IRD/CN=CGG
>>> [log in to unmask]
>>> subject=
>>> /C=FR/L=Massy/O=CGG/OU=IRD/CN=voms.beingrid.fr.cgg.com/Email=voms.fr.cgg.com
>>>
>>>
>>>
>>> --> on the new UI 3.1/SL4 it is
>>> [favreau@ui2 ~]$ openssl x509 -in
>>> /etc/grid-security/certificates/a1508cc7.0 -dates -issuer -noout
>>> -subject
>>> notBefore=Jul 7 15:18:51 2006 GMT
>>> notAfter=Jul 4 15:18:51 2016 GMT
>>> issuer= /C=FR/ST=Essonne/L=Massy/O=CGG/OU=IRD/CN=CGG
>>> [log in to unmask]
>>> subject= /C=FR/ST=Essonne/L=Massy/O=CGG/OU=IRD/CN=CGG
>>> [log in to unmask]
>>>
>>>
>>> OpenSSL version on the working UI is openssl-0.9.7a-33.21 and on the
>>> new UI it is openssl-0.9.7a-43.16
>>>
>>> hope it could help, J.B
>>>
>>>
>>> Maarten Litmaath wrote:
>>>> Maarten Litmaath wrote:
>>>>
>>>>> FAVREAU Jean-Bernard wrote:
>>>>>
>>>>>> [favreau@ui2 favreau]$ voms-proxy-init -voms egeode
>>>>>> Enter GRID pass phrase:
>>>>>> Your identity:
>>>>>> /C=FR/ST=Essonne/L=Massy/O=CGG/OU=IRD/CN=Jean-Bernard
>>>>>> [log in to unmask]
>>>>>> Cannot find file or dir: /home/favreau/.glite/vomses
>>>>>> Creating temporary proxy ............................... Done
>>>>>> Contacting voms.beingrid.fr.cgg.com:15001
>>>>>> [/C=FR/L=Massy/O=CGG/OU=IRD/CN=voms.beingrid.fr.cgg.com/Email=voms.fr.cgg.com]
>>>>>> "egeode" Failed
>>>>>>
>>>>>> globus_gss_assist: Error during context initialization
>>>>>> OpenSSL Error: s3_clnt.c:842: in library: SSL routines, function
>>>>>> SSL3_GET_SERVER_CERTIFICATE: certificate verify failed
>>>>>> globus_gsi_callback_module: Could not verify credential
>>>>>> globus_gsi_callback_module: Could not verify credential: self
>>>>>> signed certificate in certificate chain
>>>>>
>>>>>
>>>>> You need to have the host cert of voms.beingrid.fr.cgg.com
>>>>> installed in
>>>>> /etc/grid-security/vomsdir on the UI. Also ensure all CAs are
>>>>> installed.
>>>>
>>>> In fact, that error message just means the CAs are not installed;
>>>> the host cert is relevant for voms-proxy-info, not voms-proxy-init.
>>>>
>>
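Added example, not part of the original thread: a small Python helper for comparing the one-line DNs that "openssl x509 -subject -issuer" prints on two UIs, so that an "Email=" versus "emailAddress=" rendering difference is not mistaken for a different certificate, while two genuinely different certificates still show up as different. The function names (parse_dn, diff_dn, same_dn) are hypothetical, and treating "Email" and "emailAddress" as the same attribute is an assumption based on the two outputs quoted above.

```python
import re
from itertools import zip_longest

# Assumption: "Email" and "emailAddress" are two spellings of the same
# attribute, as the two UIs' output for one certificate suggests.
ALIASES = {"email": "emailAddress", "emailaddress": "emailAddress"}

# An RDN starts at a "/" that is followed by "name="; other slashes are data.
_RDN_START = re.compile(r"/(?=[A-Za-z][A-Za-z0-9.]*=)")

# Subject lines copied from the thread (SL3 UI, then SL4 UI), wrapping included.
SL3_SUBJECT = ("subject=\n/C=FR/L=Massy/O=CGG/OU=IRD"
               "/CN=voms.beingrid.fr.cgg.com/Email=voms.fr.cgg.com")
SL4_SUBJECT = ("subject=\n/C=FR/L=Massy/O=CGG/OU=IRD"
               "/CN=voms.beingrid.fr.cgg.com/emailAddress=voms.fr.cgg.com")
# Visible part of the a1508cc7.0 subject; its e-mail RDN is masked in the archive.
CA_SUBJECT_VISIBLE = "subject= /C=FR/ST=Essonne/L=Massy/O=CGG/OU=IRD/CN=CGG"


def parse_dn(line):
    """Return [(attribute, value), ...] in order from an OpenSSL one-line DN."""
    text = " ".join(line.split())                      # undo line wrapping
    text = re.sub(r"^(subject|issuer)=\s*", "", text)  # drop the openssl label
    if not text.startswith("/"):
        raise ValueError("not a one-line DN: %r" % line)
    rdns = []
    for part in _RDN_START.split(text)[1:]:
        attr, _, value = part.partition("=")
        rdns.append((ALIASES.get(attr.lower(), attr), value.strip()))
    return rdns


def diff_dn(a, b):
    """Return the positions where two DNs differ after normalisation."""
    pairs = zip_longest(parse_dn(a), parse_dn(b))
    return [(left, right) for left, right in pairs if left != right]


def same_dn(a, b):
    """True when both lines name the same DN, whatever the e-mail label."""
    return not diff_dn(a, b)


if __name__ == "__main__":
    print("SL3 vs SL4 host subject identical:", same_dn(SL3_SUBJECT, SL4_SUBJECT))
    for left, right in diff_dn(SL4_SUBJECT, CA_SUBJECT_VISIBLE):
        print("differs:", left, "!=", right)
```
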