Bugzilla – Bug 1847
grid-cert-request with both /etc/grid-security and $GL/share/certificates
Last modified: 2008-08-11 14:54:51
You need to
before you can comment on or make changes to this bug.
Here's the scenario:
I'm on a host that has /etc/grid-security setup. I install Globus as a nonroot
user, and install simpleCA into $GLOBUS_LOCATION, and run the simpleCA's
setup-gsi -default -nonroot.
Now I have globus-user-ssl.conf in $GL/etc, and the CA cert in
$GL/share/certificates. If I try to request a cert from the simpleCA, though, I
can't. It's not installed in /etc/grid-security, so the default
grid-cert-request doesn't work. If I set GRID_SECURITY_DIR, grid-cert-request
That's wrong for the simpleCA nonroot install. I should be allowed to use
TRUSTED_CA to set the trusted_certs_dir, as outlined on
The workaround is to create a symlink from $GL/certificates ->
$GL/share/certificates, but the behavior is a little broken. It should check
the advertised environment variable first.
Actually, the workaround is
GRID_SECURITY_DIR = $GLOBUS_LOCATION/etc
$GLOBUS_LOCATION/etc/certificates -> $GLOBUS_LOCATION/share/certificates
This has been fixed in CVS HEAD.