Hi,
After upgrading to the new CA release I'm having problems authentication
against the CMS VOMS server:
heplnx101 - ~ $ voms-proxy-init --voms cms --key
~/.my_certs/cms-userkey.pem --cert ~/.my_certs/cms-usercert.pem
Enter GRID pass phrase:
Your identity: /C=UK/O=eScience/OU=CLRC/L=RAL/CN=chris cms brew
Creating temporary proxy ........................................ Done
Contacting voms.cern.ch:15002
[/DC=ch/DC=cern/OU=computers/CN=voms.cern.ch] "cms" Failed
Error: Could not establish authenticated connection with the server.
globus_gss_assist token :-1: read failure: Operation not permitted
Trying next server for cms.
Creating temporary proxy
................................................ Done
Contacting voms.cern.ch:15002
[/DC=ch/DC=cern/OU=computers/CN=voms.cern.ch] "cms" Failed
Error: Could not establish authenticated connection with the server.
globus_gss_assist token :-1: read failure: Operation not permitted
None of the contacted servers for cms were capable
of returning a valid AC for the user.
However I can still authenticate against the dteam voms server.
heplnx101 - ~ $ voms-proxy-init --voms dteam --key
~/.my_certs/dteam-userkey.pem --cert ~/.my_certs/dteam-usercert.pem
Enter GRID pass phrase:
Your identity: /C=UK/O=eScience/OU=CLRC/L=RAL/CN=chris dteam brew
Creating temporary proxy
................................................ Done
Contacting lcg-voms.cern.ch:15004
[/DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch] "dteam" Done
Creating proxy .............................................. Done
Your proxy is valid until Wed May 21 02:54:22 2008
Both certificates are still valid but the one that doesn't work was
issued by the Certificate that was replaced.
heplnx101 - ~ $ openssl x509 -in ~/.my_certs/dteam-usercert.pem
-startdate -enddate -issuer -noout
notBefore=May 11 15:21:51 2007 GMT
notAfter=Jun 9 15:21:51 2008 GMT
issuer= /C=UK/O=eScienceCA/OU=Authority/CN=CA
heplnx101 - ~ $ openssl x509 -in ~/.my_certs/cms-usercert.pem -startdate
-enddate -issuer -noout
notBefore=May 1 15:40:09 2008 GMT
notAfter=May 31 15:40:09 2009 GMT
issuer= /C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA
Do I have to get a new certificate or register again or what?
Thanks,
Chris.
|