[gridshib-user] Problem with GridShibCA 0.6.0

Von Welch vwelch at uiuc.edu
Tue Mar 25 17:18:53 CDT 2008


Are you sure the GS-CA certificate is installed in 
/etc/grid-security/certificates (and has the right permissions)?

http://gridshib.globus.org/downloads/gridshib-ca-cert.tar

Von

Tom Scavo wrote:
> Well, I just did a fresh install of ws-core-4.0.5 and tried again.
> Same error.  (I'm just following the Quick Start.)
> 
> Tom
> 
> On Tue, Mar 25, 2008 at 5:34 PM, Von Welch <vwelch at uiuc.edu> wrote:
>> So this doesn't happen if you use a container that doesn't have
>>  GS4GT installed?
>>
>>  Von
>>
>>
>>
>>  Tom Scavo wrote:
>>  > On Tue, Mar 25, 2008 at 1:31 PM, Giulio Galiero <giulio.galiero at eng.it> wrote:
>>  >>  Contacting the SecurityContextEchoService through your gridshibecho client
>>  >> results in the following error from the container logs:
>>  >>
>>  >> ERROR container.GSIServiceThread [ServiceThread-3,process:147] Error
>>  >> processing request
>>  >>  Authentication failed. Caused by Failure unspecified at GSS-API level.
>>  >> Caused by COM.claymoresystems.ptls.SSLThrewAlertException: Bad certificate
>>  >> (The signature of 'DC=edu,DC=uiuc,DC=ncsa,DC=computer,O=Shibboleth
>>  >> User,OU=https://idp.protectnetwork.org/protectnetwork-idp,CN=eng.it@idp.protectnetwork.org'
>>  >> certificate does not match its issuer)
>>  >
>>  > I can replicate this error.  When I try to start a secure container
>>  > using a GridShib CA-issued EEC, I get the following:
>>  >
>>  > 2008-03-25 14:46:47,837 ERROR container.GSIServiceThread
>>  > [ServiceThread-1,process:141] Error processing request
>>  > java.io.EOFException
>>  >         at org.globus.gsi.gssapi.net.impl.GSIGssInputStream.readHandshakeToken(GSIGssInputStream.java:56)
>>  >         at org.globus.gsi.gssapi.net.impl.GSIGssSocket.readToken(GSIGssSocket.java:60)
>>  >         at org.globus.gsi.gssapi.net.GssSocket.authenticateServer(GssSocket.java:122)
>>  >         at org.globus.gsi.gssapi.net.GssSocket.startHandshake(GssSocket.java:142)
>>  >         at org.globus.gsi.gssapi.net.GssSocket.getOutputStream(GssSocket.java:161)
>>  >         at org.globus.wsrf.container.GSIServiceThread.process(GSIServiceThread.java:98)
>>  >         at org.globus.wsrf.container.ServiceThread.run(ServiceThread.java:291)
>>  > Failed to obtain a list of services from
>>  > 'https://192.168.1.106:8443/wsrf/services/ContainerRegistryService'
>>  > service: ; nested exception is:
>>  >         org.globus.common.ChainedIOException: Authentication failed [Caused by:
>>  > Failure unspecified at GSS-API level [Caused by: Bad certificate (The
>>  > signature of 'DC=edu,DC=uiuc,DC=ncsa,DC=computer,O=Shibboleth
>>  > User,OU=https://idp.protectnetwork.org/protectnetwork-idp,CN=trscavo@idp.protectnetwork.org'
>>  > certificate does not match its issuer)]]
>>  >
>>  > We had some problems with the GridShib CA cert since GS4GT v0.6.0
>>  > Alpha was released, so I'm trying to think how that might be related.
>>  >
>>  > Tom
>>  >
>>
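
The check suggested at the top of this message, as an added example that is not part of the original thread or of GridShib: a script that confirms the issuing CA of a certificate is installed in the trusted directory with sane permissions, then verifies the signature. The function names `check_ca_files` and `verify_eec` are hypothetical, and the script assumes the usual Globus layout (`<hash>.0` plus `<hash>.signing_policy`), a self-signed root CA, and a permission policy of world-readable but not group/world-writable.

```shell
#!/bin/sh
# Added example: sanity-check a Globus trusted-CA directory for one CA.
# Assumed layout (not stated in the thread): <hash>.0 holds the CA
# certificate, <hash>.signing_policy holds its signing policy.

# check_ca_files DIR HASH -> prints one line per problem, returns 1 if any.
check_ca_files() {
    dir=$1 hash=$2 rc=0
    if [ ! -d "$dir" ]; then
        echo "missing directory: $dir"; return 1
    fi
    for f in "$dir/$hash.0" "$dir/$hash.signing_policy"; do
        if [ ! -f "$f" ]; then
            echo "missing file: $f"; rc=1; continue
        fi
        # Assumption: world-readable so the container account can load it.
        if [ -z "$(find "$f" -prune -perm -444)" ]; then
            echo "not world-readable: $f"; rc=1
        fi
        # Assumption: trust anchors must not be group/world-writable.
        if [ -n "$(find "$f" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "group/world-writable: $f"; rc=1
        fi
    done
    return $rc
}

# verify_eec DIR CERT -> check that CERT's issuer is installed in DIR and
# that the CA's signature on CERT verifies (needs the openssl CLI).
# Assumption: the issuing CA is a self-signed root, so one file is the chain.
verify_eec() {
    dir=$1 cert=$2
    hash=$(openssl x509 -noout -issuer_hash -in "$cert") || return 2
    check_ca_files "$dir" "$hash" || return 1
    openssl verify -CAfile "$dir/$hash.0" "$cert"
}

# Run only when called with a certificate path, e.g.:
#   sh check-ca.sh /path/to/eec.pem [/etc/grid-security/certificates]
if [ "$#" -ge 1 ]; then
    verify_eec "${2:-/etc/grid-security/certificates}" "$1"
fi
```

If the installed files were named with the pre-1.0 OpenSSL hash, compute the name with `-issuer_hash_old` instead of `-issuer_hash`.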



