Hi Jean-Bernard,

I just ran into a very similar issue: the last line

[favreau@ui2 favreau]$ voms-proxy-init -voms egeode
Enter GRID pass phrase:
Your identity: /C=FR/ST=Essonne/L=Massy/O=CGG/OU=IRD/CN=Jean-Bernard 
[log in to unmask]
Cannot find file or dir: /home/favreau/.glite/vomses

suggests that you have not installed the voms server cert in 
/etc/grid-security/vomsdir at all (as your other openssl lines also 
suggest); please install this cert (e.g. copy it over from your SL3 UI) 
and try again.


HTH,

Jan Just Keijser
System Integrator
Nikhef Amsterdam

FAVREAU Jean-Bernard wrote:
> Hi Maarten and Michel,
>
> Yes, CRL is up to date, CAs installed and host cert of 
> voms.beingrid.fr.cgg.com installed and are exactly the same as the 
> working UI.
> Like Michel said, I also think that there is a problem with the server 
> certificate, but I have difficulty figuring out what it is.
> To help you, I've found that the output of the openssl command line to 
> query the subject of the certificate is not the same on both UIs.
>
> --> on the working UI 3.0/SL3 it is:
>
> [favreau@ui1 JDL]$ openssl x509 -in 
> /etc/grid-security/vomsdir/voms.beingrid.fr.cgg.com.1 -dates -issuer 
> -noout -subject
> notBefore=Nov  7 13:15:56 2006 GMT
> notAfter=Nov  6 13:15:56 2011 GMT
> issuer= /C=FR/ST=Essonne/L=Massy/O=CGG/OU=IRD/CN=CGG 
> [log in to unmask]
> subject= 
> /C=FR/L=Massy/O=CGG/OU=IRD/CN=voms.beingrid.fr.cgg.com/Email=voms.fr.cgg.com 
>
>
>
> --> on the new UI 3.1/SL4 it is
> [favreau@ui2 ~]$ openssl x509 -in 
> /etc/grid-security/certificates/a1508cc7.0 -dates -issuer -noout -subject
> notBefore=Jul  7 15:18:51 2006 GMT
> notAfter=Jul  4 15:18:51 2016 GMT
> issuer= /C=FR/ST=Essonne/L=Massy/O=CGG/OU=IRD/CN=CGG 
> [log in to unmask]
> subject= /C=FR/ST=Essonne/L=Massy/O=CGG/OU=IRD/CN=CGG 
> [log in to unmask]
>
>
> The OpenSSL version on the working UI is openssl-0.9.7a-33.21 and on the 
> new UI it is openssl-0.9.7a-43.16
>
> hope it could help,  J.B
>
>
> Maarten Litmaath wrote:
>> Maarten Litmaath wrote:
>>
>>> FAVREAU Jean-Bernard wrote:
>>>
>>>> [favreau@ui2 favreau]$ voms-proxy-init -voms egeode
>>>> Enter GRID pass phrase:
>>>> Your identity: 
>>>> /C=FR/ST=Essonne/L=Massy/O=CGG/OU=IRD/CN=Jean-Bernard 
>>>> [log in to unmask]
>>>> Cannot find file or dir: /home/favreau/.glite/vomses
>>>> Creating temporary proxy ............................... Done
>>>> Contacting  voms.beingrid.fr.cgg.com:15001 
>>>> [/C=FR/L=Massy/O=CGG/OU=IRD/CN=voms.beingrid.fr.cgg.com/Email=voms.fr.cgg.com] 
>>>> "egeode" Failed
>>>>
>>>> globus_gss_assist: Error during context initialization
>>>> OpenSSL Error: s3_clnt.c:842: in library: SSL routines, function 
>>>> SSL3_GET_SERVER_CERTIFICATE: certificate verify failed
>>>> globus_gsi_callback_module: Could not verify credential
>>>> globus_gsi_callback_module: Could not verify credential: self 
>>>> signed certificate in certificate chain
>>>
>>>
>>> You need to have the host cert of voms.beingrid.fr.cgg.com installed in
>>> /etc/grid-security/vomsdir on the UI.  Also ensure all CAs are 
>>> installed.
>>
>> In fact, that error message just means the CAs are not installed;
>> the host cert is relevant for voms-proxy-info, not voms-proxy-init.
>>
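
An added example, not part of the original messages: a small shell check for the two conditions discussed in this thread, a VOMS host certificate in the vomsdir and CA certificates in the CA directory. The function names `classify_cert` and `check_voms_trust` are made up for this illustration; the default paths are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Default paths are the ones quoted in it.

# Reads `openssl x509 -noout -subject -issuer` output on stdin and prints
# "self-signed" when subject and issuer DNs match (a CA root, like
# a1508cc7.0 in the thread), "issued" otherwise (a host certificate).
classify_cert() {
    awk '
        /^subject=/ { sub(/^subject= */, ""); sub(/ +$/, ""); s = $0 }
        /^issuer=/  { sub(/^issuer= */, "");  sub(/ +$/, ""); i = $0 }
        END {
            if (s == "" || i == "") { print "unparsed"; exit }
            r = (s == i) ? "self-signed" : "issued"
            print r
        }'
}

# $1 = VOMS host name, $2 = vomsdir, $3 = CA directory.
# Prints one finding per line; returns 1 if something is missing or wrong.
check_voms_trust() {
    host=$1
    vomsdir=${2:-/etc/grid-security/vomsdir}
    cadir=${3:-/etc/grid-security/certificates}
    rc=0 found="" n=0
    for f in "$vomsdir"/*; do
        if [ -f "$f" ]; then
            case ${f##*/} in "$host"*) found=$f ;; esac
        fi
    done
    if [ -z "$found" ]; then
        echo "MISSING: no certificate for $host in $vomsdir"; rc=1
    elif command -v openssl >/dev/null 2>&1; then
        kind=$(openssl x509 -in "$found" -noout -subject -issuer 2>/dev/null | classify_cert)
        echo "$found: $kind"
        [ "$kind" = issued ] || rc=1
    else
        echo "$found: present (openssl not found, not inspected)"
    fi
    for f in "$cadir"/*.0; do
        if [ -f "$f" ]; then n=$((n + 1)); fi
    done
    if [ "$n" -eq 0 ]; then
        echo "MISSING: no CA certificates (*.0) in $cadir"; rc=1
    else
        echo "OK: $n CA certificate file(s) in $cadir"
    fi
    return "$rc"
}
```

Run on the UI as `check_voms_trust voms.beingrid.fr.cgg.com`; a "self-signed" result for a file in the vomsdir means a CA certificate was placed there instead of the server's host certificate.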