Software Links
Getting Started
- Doc Structure
- A Globus Primer
- Globus Is Modular!
- Quickstart
- Installing GT
- Platform Notes
- GT Developer's Guide
- GT User's Guide (coming soon)
- Migrating from GT2
- Migrating from GT3
Reference
- Best Practices
- Coding Guidelines
- API docs
- Public Interfaces (coming soon)
- Resource Properties
- Samples
- Glossary
- Performance Studies (coming soon)
Manuals
Common Runtime
Security
- Non-WS (General) Security
- WS Java Security
- Message-level
- Authz Framework
- CAS
- Delegation Service
- MyProxy
- GSI-OpenSSH
- SimpleCA
- SGAS
Data Mgt
MDS4
Execution Mgt
Table of Contents
- 1. [JWSSEC-248] Secure container requires valid credentials
- 2. Failed to start container: Container failed to initialize [Caused by: [JWSSEC-250] Failed to load certificate/key file]
- 3. Failed to start container: Container failed to initialize [Caused by: [JWSSEC-249] Failed to load proxy file]
- 4. Failed to start container: Container failed to initialize [Caused by: [JWSSEC-245] Error parsing file: "etc/globus_wsrf_core/global_security_descriptor.xml" [Caused by: ...]
- 5. [JGLOBUS-77] Unknown CA
This error occurs when globus-start-container is run without any valid credentials. Either a proxy certificate or service/host certificate needs to be configured for the container to start up
Solutions:
If you are not looking to start up a container that uses GSI Secure Transport, which is used by the container by default, use "globus-start-container -nosec". You will be able to use insecure clients and services. However, this also implies that if you have not configured individual services with credentials, you will not be able to securely access the service.
If you are running a personal container, generate proxy certificate. If proxy certificate is not in default, configure container security descriptor as described Configuring Container Security Descriptor
If you are looking to use host certificates, configure container security descriptor as described Configuring Credentials
This error occurs if the file path to the container certificate and key configured are invalid.
Solutions:
The path to container certificate and key are configured in $GLOBUS_LOCATION/etc/globus_wsrf_core/global_security_descriptor.xml. This file is loaded as described here. Ensure that the path is correct.
This error occurs if container proxy file configured is invalid.
Solutions:
The path to container proxy certificates are configured in $GLOBUS_LOCATION/etc/globus_wsrf_core/global_security_descriptor.xml. This file is loaded as described here. Ensure that the path is correct.
This error occurs if the container security descriptor configured is invalid.
Solutions:
The container security descriptor should conform to the Container Security Descriptor Schema
Refer to the "Caused by: " section for details on specific element that is not correct.
This error occurs if the CA certificate for the credentials being used is not installed correctly.
Solutions:
If this issue occurs on the server side, the container is not configured with CA certificates. The container looks for trusted certificates in default location as described Java CoG Toolkit FAQ
On the server side the trused certificates can be configured as described in Trusted Certificates
On the client side, trusted certificates can be configured as described in Configuring Trusted Credentials