Hi,
I'm trying to install gridFTP servers on two VMs to run a few tests,
and am having some difficulty.
I'm following the instructions at
http://toolkit.globus.org/toolkit/docs/latest-stable/admin/quickstart.
Everything works fine in the first machine, I install the gridftp and
myproxy servers, configure as per the documentation, and I can
successfully create a certificate and perform a local copy.
I then install my second machine, and try to get it to trust the
first, using "myproxy-get-trustroots -b -s <hostname>". This fails with
the following error:
[root@nemo centos]# myproxy-get-trustroots -b -s dory
Bootstrapping MyProxy server root of trust.
New trusted MyProxy server:
/O=Grid/OU=GlobusTest/OU=simpleCA-dory.novalocal/CN=dory.novalocal
New trusted CA (82dd5dde.0):
/O=Grid/OU=GlobusTest/OU=simpleCA-dory.novalocal/CN=Globus Simple CA
Error authenticating: GSS Major Status: Authentication Failed
GSS Minor Status Error Chain:
globus_gss_assist: Error during context initialization
globus_gsi_gssapi: Unable to verify remote side's credentials
globus_gsi_gssapi: SSLv3 handshake problems: Couldn't do ssl handshake
OpenSSL Error: s3_pkt.c:1259: in library: SSL routines, function
SSL3_READ_BYTES: tlsv1 alert unknown ca SSL alert number 48
This is running as root on a CentOS 7 image.
If I run as a normal user, I can persuade things to progress, but even
there it's flaky:
[centos@nemo ~]$ myproxy-get-trustroots -b -s dory
Server authorization failed. Server identity
(/O=Grid/OU=GlobusTest/OU=simpleCA-dory.novalocal/CN=dory.novalocal)
does not match expected identities
`?' or `?'.
If the server identity is acceptable, set
MYPROXY_SERVER_DN="/O=Grid/OU=GlobusTest/OU=simpleCA-dory.novalocal/CN=dory.novalocal"
and try again.
OK, so I set MYPROXY_SERVER_DN and try again:
[centos@nemo ~]$ export
MYPROXY_SERVER_DN="/O=Grid/OU=GlobusTest/OU=simpleCA-dory.novalocal/CN=dory.novalocal"
[centos@nemo ~]$ myproxy-get-trustroots -b -s dory
Trust roots have been installed in /home/centos/.globus/certificates/.
So something is working, but it's not working as it should, according
to the documentation.
Any suggestions or advice, anyone?
Thanks in advance.
Cheers,
Tony.