The .lsc file looks good to me--check it out yourself. It's a straightforward file with the DN of host and the DN of the CA.
It's interesting that it says "Using configuration file /home/dweitzel/.glite/vomses". Do you really have one there? Is it valid?
I did use osgedu instead of hcc (since I'm not in hcc). That certainly could account for the difference. So I went ahead and added you to the osgedu VO--can you give it a try with it?
Yep, worked with osgedu, but not with HCC. What is wrong with our voms? Is it because we have a hyphen?
Here's the extended attributes I was issued from the HCC VOMS server:
[brian@brian-test ~]$ voms-proxy-info -all
subject : /DC=org/DC=doegrids/OU=People/CN=Brian Bockelman 504307/CN=proxy
issuer : /DC=org/DC=doegrids/OU=People/CN=Brian Bockelman 504307
identity : /DC=org/DC=doegrids/OU=People/CN=Brian Bockelman 504307
type : proxy
strength : 1024 bits
path : /tmp/x509up_u502
timeleft : 11:58:00
key usage : Digital Signature, Key Encipherment, Data Encipherment
=== VO hcc extension information ===
VO : hcc
subject : /DC=org/DC=doegrids/OU=People/CN=Brian Bockelman 504307
issuer : /DC=org/DC=doegrids/OU=Services/CN=http/hcc-voms.unl.edu
attribute : /hcc/Role=NULL/Capability=NULL
timeleft : 12:09:44
uri : hcc-voms:15000
So - it appears there's about a 10 minute clock skew on hcc-voms. Also, the "uri" appears as "hcc-voms" instead of "hcc-voms.unl.edu". If you purposely skew the clock on the client host and symlink to have a file named "hcc-voms.lsc", the certificate is successfully verified.
I believe both issues are errors on the HCC side. The LSC files work with the CMS VOMS server.
I can confirm. The changes to hcc voms worked.
The LSC files have been distributed for a while. Closing ticket.