If you are not looking to start up a container that uses GSI Secure Transport, which is used by the container by default, use globus-start-container -nosec. You will be able to use insecure clients and services. However, this also implies that if you have not configured individual services with credentials, you will not be able to securely access the service.

If you are running a personal container, generate a proxy certificate with grid-proxy-init. If the proxy certificate is not in the default location, configure the container security descriptor as described in Configuring Container Security Descriptor.

If you want to use host certificates, configure the container security descriptor as described Configuring Credentials.

The path to the container certificate and key are configured in $GLOBUS_LOCATION/etc/globus_wsrf_core/ global_security_descriptor.xml. This file is loaded as described [here - fixme link]. Ensure that the path is correct.

The path to the container proxy certificates are configured in $GLOBUS_LOCATION/etc/globus_wsrf_core/ global_security_descriptor.xml. This file is loaded as described [here - fixme link]. Ensure that the path is correct.

The container security descriptor should conform to the Container Security Descriptor Schema.

Refer to the "Caused by: " section for details on the specific element that is not correct.

If this issue occurs on the server side, the container is not configured with CA certificates. The container looks for trusted certificates in the default location as described Java CoG Toolkit FAQ

On the server side, the trusted certificates can be configured as described in Trusted Certificates

On the client side, trusted certificates can be configured as described in Configuring Trusted Credentials