Steve, as I understand, the catch is ~/.globus/certificates which is a
user-specific truststore for CA certificates (like the ones you can
fetch with myproxy-something.)
It is fine to have ~/.globus/usercert.pem and ~/.globus/userkey.pem -
this is your personal credential store, and just having those will not
prevent your code checking the canonical key store.
I don't know about a .glite directory though.
Cheers
--jens
On 25/10/2012 11:51, Stephen Jones wrote:
> On 10/25/2012 11:10 AM, Christopher J. Walker wrote:
>
>> couldn't use voms-proxy-init to get a dteam or atlas proxy.
>> The problem seems to be the creation of a .glite directory
>> and a .globus/certificates directory. These don't contain EGI
>> certificates. Mine and John Kewley's guess is that globus
>> looks there first and once it finds certificates there, it
>> doesn't look in /etc/grid-security/certificates.
>
> Cheers Chris for the warning.
>
> I just backed up my certificate from the browser, and imported it into
> the Certwizard. I clicked Install, the user*pem files got written into
> .globus:
>
> $ ls -lrt /user2/sjones/.globus/user*
> -r-------- 1 sjones man 1743 Oct 25 11:44 /user2/sjones/.globus/userkey.pem
> -r--r--r-- 1 sjones man 1761 Oct 25 11:44
> /user2/sjones/.globus/usercert.pem
>
> And now voms-proxy-init works fine. How did the .glite directory or
> /etc/grid-security/certificates derail it at QMUL? Do you work it
> differently to me?
>
> Steve
>
--
Scanned by iCritical.
|