Update: on 2009-12-28, I discovered that the certificate for the vdttest user was only good for one year. Trying to re-issue the certificate from the existing CA turned out to be a waste of time, so I just made a new CA, and issued a longer certificate this time.
On 2008-12-23, I (scot) had to make a new dummy CA to generate the vdttest user's certificate. This is because we needed a CRL for our CA to test Glexec, but we cannot find the private key that signed the CA (Alain thinks Nate created it a long time ago). I made the CA and CRL file expire 10,000 days from now, at which point I suspect the instructions will no longer work. But just in case something goes wrong before that, the steps I followed are below.
pacman -get http://vdt.cs.wisc.edu/vdt_200_cache:Globus-Simple-CA
grid-ca-sign -in /home/vdttest/.globus/usercert_request.pem -out /home/vdttest/.globus/usercert.pem chown vdttest: /home/vdttest/.globus/usercert.pem
cd /home/USER/.globus/simpleCA openssl ca -gencrl -config grid-ca-ssl.conf -crldays 10000 -keyfile private/cakey.pem -cert cacert.pem -out crl/cacrl.pem
/etc/grid-security/certificates/hash.0 /etc/grid-security/certificates/hash.signing_policy /home/USER/.globus/simpleCA/cacert.pem (this is a copy of hash.0) /home/USER/.globus/simpleCA/private/cakey.pem /home/USER/.globus/simpleCA/crl/cacrl.pem (rename this to hash.r0) /home/vdttest/.globus/usercert.pem /home/vdttest/.globus/userkey.pem