Bugzilla – Bug 6552
auto container CA will not work with GridFTP
Last modified: 2010-03-25 20:37:11
You need to
before you can comment on or make changes to this bug.
GridFTP will not serve client certificates created with the embedded auto
container CA. Here is the error:
530-globus_gsi_callback_module: Could not verify credential
530-globus_gsi_callback_module: Invalid CRL: Couldn't verify that the available
CRL is valid
530-OpenSSL Error: tasn_dec.c:710: in library: asn1 encoding routines, function
ASN1_TEMPLATE_NOEXP_D2I: nested asn1 error Field=issuer, Type=AUTHORITY_KEYID
I think the solution for this is to add this missing authority keyid field.
Bug should only be closed when GridFTP is working end to end with this type of
CA (so that we can provide some easy steps to get not just Nimbus going quickly
but the whole cloud configuration).
Let's try to solve this one. Having an admin be able to take the new installer
and arrive at a full cloud-config much more easily (not necessarily *just*
using the installer this time around) is something we should really shoot for.
I can deal with the parts in Java where the CA is created to try and fix the
issue but hoping to get a little QA help on testing end to end install that
includes a GridFTP installation.
Fix merged to master
EzPz CA can now write out a valid .r0 file which GridFTP
accepts. And web autoca.py now makes this happen during install.
Sorry, should have recorded: master for Nimbus 2.4