Hi Jean-Bernard,
I just ran into a very similar issue: the last line
[favreau@ui2 favreau]$ voms-proxy-init -voms egeode
Enter GRID pass phrase:
Your identity: /C=FR/ST=Essonne/L=Massy/O=CGG/OU=IRD/CN=Jean-Bernard
[log in to unmask]
Cannot find file or dir: /home/favreau/.glite/vomses
suggests that you have not installed the voms server cert in
/etc/grid-security/vomsdir at all (as your other openssl lines also
suggest); please install this cert (e.g. copy it over from your SL3 UI)
and try again.
HTH,
Jan Just Keijser
System Integrator
Nikhef Amsterdam
FAVREAU Jean-Bernard wrote:
> Hi Marteen and Michel,
>
> Yes, CRL is up to date, CAs installed and host cert of
> voms.beingrid.fr.cgg.com installed and are exactly the same as the
> working UI.
> Like Michel said, I think also that there is a problem with the server
> certificate but I got difficulties to figure what it is.
> To help you I've found that the output of openssl command line to
> query the subject of the certificate is not the same on both UI
>
> --> on the working UI 3.0/SL3 it is:
>
> [favreau@ui1 JDL]$ openssl x509 -in
> /etc/grid-security/vomsdir/voms.beingrid.fr.cgg.com.1 -dates -issuer
> -noout -subject
> notBefore=Nov 7 13:15:56 2006 GMT
> notAfter=Nov 6 13:15:56 2011 GMT
> issuer= /C=FR/ST=Essonne/L=Massy/O=CGG/OU=IRD/CN=CGG
> [log in to unmask]
> subject=
> /C=FR/L=Massy/O=CGG/OU=IRD/CN=voms.beingrid.fr.cgg.com/Email=voms.fr.cgg.com
>
>
>
> --> on the new UI 3.1/SL4 it is
> [favreau@ui2 ~]$ openssl x509 -in
> /etc/grid-security/certificates/a1508cc7.0 -dates -issuer -noout -subject
> notBefore=Jul 7 15:18:51 2006 GMT
> notAfter=Jul 4 15:18:51 2016 GMT
> issuer= /C=FR/ST=Essonne/L=Massy/O=CGG/OU=IRD/CN=CGG
> [log in to unmask]
> subject= /C=FR/ST=Essonne/L=Massy/O=CGG/OU=IRD/CN=CGG
> [log in to unmask]
>
>
> OPENSLL version on the working UI is openssl-0.9.7a-33.21 and on the
> new UI it is openssl-0.9.7a-43.16
>
> hope it could help, J.B
>
>
> Maarten Litmaath wrote:
>> Maarten Litmaath wrote:
>>
>>> FAVREAU Jean-Bernard wrote:
>>>
>>>> [favreau@ui2 favreau]$ voms-proxy-init -voms egeode
>>>> Enter GRID pass phrase:
>>>> Your identity:
>>>> /C=FR/ST=Essonne/L=Massy/O=CGG/OU=IRD/CN=Jean-Bernard
>>>> [log in to unmask]
>>>> Cannot find file or dir: /home/favreau/.glite/vomses
>>>> Creating temporary proxy ............................... Done
>>>> Contacting voms.beingrid.fr.cgg.com:15001
>>>> [/C=FR/L=Massy/O=CGG/OU=IRD/CN=voms.beingrid.fr.cgg.com/Email=voms.fr.cgg.com]
>>>> "egeode" Failed
>>>>
>>>> globus_gss_assist: Error during context initialization
>>>> OpenSSL Error: s3_clnt.c:842: in library: SSL routines, function
>>>> SSL3_GET_SERVER_CERTIFICATE: certificate verify failed
>>>> globus_gsi_callback_module: Could not verify credential
>>>> globus_gsi_callback_module: Could not verify credential: self
>>>> signed certificate in certificate chain
>>>
>>>
>>> You need to have the host cert of voms.beingrid.fr.cgg.com installed in
>>> /etc/grid-security/vomsdir on the UI. Also ensure all CAs are
>>> installed.
>>
>> In fact, that error message just means the CAs are not installed;
>> the host cert is relevant for voms-proxy-info, not voms-proxy-init.
>>
|