Mismatched keys mean that the cert/key weren't replaced together.
Your original problem wasn't a bad hostcert, it's probably a bad
entry in /etc/hosts. Finish up the replacement of the certs (the
best way is to delete your old cert/key to avoid confusion), then let
us know what's in your hosts file for that hostname.
Charles
On Dec 6, 2007, at 11:37 AM, peter ye wrote:
I reset the hostcert and usercert. However, it now gives another
error:
[EMAIL PROTECTED]:~/.globus$ globus-url-copy gsiftp://
hilbert.cs.dal.ca/home/lingyun/gsiftpTest file:///home/lingyun/t/test
error: globus_ftp_client: the server responded with an error
530 530-globus_xio: Server side credential failure
530-globus_gsi_gssapi: Error with gss credential handle
530-globus_gsi_gssapi: Error with openssl: Couldn't set the private
key to be used for the SSL context
530-OpenSSL Error: x509_cmp.c:389: in library: x509 certificate
routines, function X509_check_private_key: key values mismatch
530 End.
I can telnet via port 2811 but can't gsiftp through. Also, grid-
mapfile matches the identity from grid-proxy-info. Any idea?
Seshachalapathi <[EMAIL PROTECTED]> wrote:
Hi
It is first one grid-cert-request -host `hostname`
And it looks like you haven't created the host certificate
correctly. Create host certificate
correctly and sign and try testing again.
Cheers
Sesha
From: peter ye <[EMAIL PROTECTED]>
To: [email protected]
Sent: Wednesday, December 5, 2007 9:53:29 PM
Subject: [gt-user] globus_gsi_gssapi: Authorization denied
Dear all:
When I tried to globus-url-copy sth, it gives an "Authorization
denied" error. Does anyone know what's the problem?
Also, I get confused while creating host certificate. Is it
grid-cert-request -host `hostname`
or
grid-cert-request -host hostname
or
grid-cert-request -host 'hostname' ?
Thanks in advance.
Peter
[EMAIL PROTECTED]:~/.globus$ globus-url-copy gsiftp://
hilbert.cs.dal.ca/home/lingyun/t/test file:///home/lingyun/gsiftpTest
error: globus_ftp_control: gss_init_sec_context failed
GSS Major Status: Unexpected Gatekeeper or Service Name
globus_gsi_gssapi: Authorization denied: The name of the remote
host (hilbert.cs.dal.ca), and the expected name for the remote host
(hilbert) do not match. This happens when the name in the host
certificate does not match the information obtained from DNS and is
often a DNS configuration problem.
[EMAIL PROTECTED]:~/.globus$
Be smarter than spam. See how smart SpamGuard is at giving junk
email the boot with the All-new Yahoo! Mail
All new Yahoo! Mail -Get a sneak peak at messages with a handy
reading pane.
Never miss a thing. Make Yahoo your homepage.
Looking for the perfect gift? Give the gift of Flickr!
