On Fri 8/27/2010 7:27 AM, Hoot Thompson wrote:
Perhaps I'm making this too hard. I follow these instructions.....
Chapter 2. Configuring
1. Configure SimpleCA for multiple machines
So far, you have a single machine configured with SimpleCA certificates.
Recall that in Section 2.5, “Confirm generated
certificate” a CA setup package was created in
.globus/simpleCA/globus_simple_ca_HASH_setup-
0.17.tar.gz. If you want to use your certificates on another machine,
you must install that CA setup package on
that machine.
To install it, copy that package to the second machine and run:
$GLOBUS_LOCATION/sbin/gpt-build globus_simple_ca_HASH_setup-0.17.tar.gz
gcc32dbg
$GLOBUS_LOCATION/sbin/gpt-postinstall
Then you will have to perform setup-gsi -default from Section 2.6,
“Complete setup of GSI”.
If you are going to run services on the second host, it will need its
own host certificate (Section 3, “Host certificates”)
and grid-mapfile (as described in the basic configuration instructions
in Section 3, “Add authorization”).
You may re-use your user certificates on the new host. You will need to
copy the requests to the host where the Sim-
pleCA was first installed in order to sign them.
Everything goes well until I get to the part that says "If you are going
to run services on the second host, it will need its own host
certificate (Section 3, “Host certificates”)
and grid-mapfile (as described in the basic configuration instructions
in Section 3, “Add authorization”)." I can create the host certificate
but I can't sign it due to the previously mentioned error. So your
comment says I should sign the second machine's certificate on the first
machine and then bring it back. I'll give it a try. Bottom line is all
I'm trying to do is get two machines trusted so I can try striped transfers.
Hoot
Right, what Martin suggested should work. That package that you
installed on the second machine is simply the CA certificates that
enable the other machines to trust that CA and the certificates it
signs. The CA itself only lives on a single machine.
-----Original Message-----
*From*: Martin Feller <fel...@mcs.anl.gov
<mailto:martin%20feller%20%3cfel...@mcs.anl.gov%3e>>
*To*: Hoot Thompson <h...@ptpnow.com
<mailto:hoot%20thompson%20%3ch...@ptpnow.com%3e>>
*Cc*: gt-user@lists.globus.org <mailto:gt-user@lists.globus.org>
*Subject*: Re: [gt-user] Stripe mode over multiple links between two servers
*Date*: Fri, 27 Aug 2010 07:04:53 -0500
The CA itself should stay on one machine and should not be copied to
multiple nodes in a grid. It's probably only located on the first
machine in your case.
Does it work if you copy the host certificate request from the second
machine to the first machine, sign it there, and copy the generated
certificate back to the second machine, where the corresponding private
key of the host certificate lives?
Martin
