• Sign In
  1. Messages

Creating a New Globus GRAM user certificate fails

CPAS Forum (Inactive)

View Message

view list print
Creating a New Globus GRAM user certificate fails greener  2010-02-01 16:49
Status: Closed
 
Since our certificate expired on our enterprise pipeline, I have been trying to request a new certificate, I tripled checked the password that was used during install, but openssl continues to fails. Any suggestions folks have is muchly appreciated. Thanks -Rich

[root@oscarproto1 .globus]# /usr/cpas/gt4.0.6/bin/grid-ca-sign -in ~labkey/.globus/usercert_request.pem -out ~labkey/.globus/usercert.pem

To sign the request
please enter the password for the CA key:

ERROR running command:

 /usr/cpas/gt4.0.6/bin/openssl ca -passin stdin \
    -batch -config /root/.globus/simpleCA//grid-ca-ssl.conf \
    -in /tmp/tmp_cert_req.pem.1791 -out /tmp/tmp_cert.pem.1791

========== ERROR MESSAGES FROM OPENSSL ==========
Using configuration from /root/.globus/simpleCA//grid-ca-ssl.conf
unable to load CA private key
1826:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:329:group=CA_default name=unique_subject
1826:error:06065064:digital envelope routines:EVP_DecryptFinal:bad decrypt:evp_enc.c:450:
1826:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:423:
=================================================

ERROR: The CA private key could not be loaded.
Possibly an incorrect password for the CA key was used.
 
 
Brian Connolly responded:  2010-02-01 18:04
Assigned To: Brian Connolly
Rich,
Lets verify that the password you are using is correct. The following command will verify that password you are using is the correct one for the CA key

openssl rsa -noout -text -in /root/.globus/simpleCA/private/cakey.pem


Does the password work for this command?
 
greener responded:  2010-02-01 19:41
nope, when I try it with the install notes password I get:
Enter pass phrase for /root/.globus/simpleCA/private/cakey.pem:
unable to load Private Key
17305:error:06065064:digital envelope routines:EVP_DecryptFinal:bad decrypt:evp_enc.c:450:
17305:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:423:
[root@oscarproto1
 
Brian Connolly responded:  2010-02-02 08:51
Rich,
I think you are using the incorrect password from your documentation. Can you send me an email directly, so we setup a time to get on the phone and get working again.

Thank you,

Brian