<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffcc" text="#000000">
The same command works with pcmdi3 as well :-)<br>
(Thanks Luca!)<br>
<br>
<br>
On 8/3/10 9:17 AM, Cinquini, Luca (3880) wrote:
<blockquote
cite="mid:934E24CD-BE2B-4A27-B784-D63F1C6FD317@jpl.nasa.gov"
type="cite">
<pre wrap="">Hi Neill,
in the interest of sharing, I used the following command to download the gateway SSL certificate in pem format:
echo | openssl s_client -connect esg-gateway.jpl.nasa.gov:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > esg-gateway.jpl.nasa.pem
thanks, Luca
On Aug 3, 2010, at 9:58 AM, <a class="moz-txt-link-rfc2396E" href="mailto:neillm@mcs.anl.gov"><neillm@mcs.anl.gov></a> wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Hello,
As discussed on the call just now, I need all OpenID trust root certificates in addition to the hostname of the machine.
For anyone that has already submitted theirs (i.e. Luca, Phil), if there are helpful commands that you can share with others, please do so in follow-up to this.
A helpful page that shows commands for working with your java key/trust store is here:
<a class="moz-txt-link-freetext" href="http://*www.*sslshopper.com/article-most-common-java-keytool-keystore-commands.html">http://*www.*sslshopper.com/article-most-common-java-keytool-keystore-commands.html</a>
I also need everyone managing a MyProxy CA to send me their CA certificates. If you're running a MyProxy CA, there are 2 simple ways to find out which certs are needed (please pick one, not both):
1) Login to the MyProxy CA host and run "ls -al ~/.globus/simpleCA/" as the user that runs the CA.
In this listing, you'll see a file called "globus_simple_ca_XXXXXXXX_setup-0.20.tar.gz" where XXXXXXXX is a hash of the CA certificate. Please send the files /etc/grid-security/certificates/XXXXXXXX.0 and /etc/grid-security/certificates/XXXXXXXX.signing_policy as well as the hostname of the CA machine.
2) Another method of finding which cert to send is to run the "grid-default-ca" program:
--------------------------------------------------------------------
$GLOBUS_LOCATION/bin/grid-default-ca
The available CA configurations installed on this host are:
Directory: /etc/grid-security/certificates
1) 0ba75d15 - /O=Grid/OU=GlobusTest2/OU=simpleCA-vm-125-66.ci.uchicago.edu/CN=Globus Simple CA
2) 1c3f2ca8 - /DC=org/DC=DOEGrids/OU=Certificate Authorities/CN=DOEGrids CA 1
3) 3de8c5e9 - /O=Grid/OU=GlobusTest/OU=simpleCA-vm-125-67.ci.uchicago.edu/CN=Globus Simple CA
4) 519bfbae - /O=Grid/OU=GlobusTest/OU=simpleCA-vm-125-66.ci.uchicago.edu/CN=Globus Simple CA
5) 6349a761 - /O=DOE Science Grid/OU=Certificate Authorities/CN=Certificate Manager
6) 9388e5cb - /O=Grid/OU=GlobusTest/OU=simpleCA-pcmdi3.llnl.gov/CN=Globus Simple CA
7) 9d8753eb - /DC=net/DC=es/OU=Certificate Authorities/OU=DOE Science Grid/CN=pki1
8) d1b603c3 - /DC=net/DC=ES/O=ESnet/OU=Certificate Authorities/CN=ESnet Root CA 1
9) ecdb249f - /O=Grid/OU=GlobusTest/OU=simpleCA-esgdev.ci.uchicago.edu/CN=Globus Simple CA
The default CA is: /O=Grid/OU=GlobusTest2/OU=simpleCA-vm-125-66.ci.uchicago.edu/CN=Globus Simple CA
Location: /etc/grid-security/certificates/0ba75d15.0
Enter the index number of the CA to set as the default [q to quit]
--------------------------------------------------------------------
To avoid changing anything, press "q" to quit.
Near the bottom, we are told which CA is currently our default. Please send the file located at the listed "Location" in addition to the XXXXXXXX.signing_policy file located in the same directory. Please also send the DN listed with that file and the hostname of the CA machine.
IMPORTANT: For the MyProxy CA certificates, I need both the ".0" AND the ".signing_policy" files together. Please also send the machine's hostname.
-Neill.
_______________________________________________
GO-ESSP-TECH mailing list
<a class="moz-txt-link-abbreviated" href="mailto:GO-ESSP-TECH@ucar.edu">GO-ESSP-TECH@ucar.edu</a>
<a class="moz-txt-link-freetext" href="http://*mailman.ucar.edu/mailman/listinfo/go-essp-tech">http://*mailman.ucar.edu/mailman/listinfo/go-essp-tech</a>
</pre>
</blockquote>
<pre wrap="">
_______________________________________________
GO-ESSP-TECH mailing list
<a class="moz-txt-link-abbreviated" href="mailto:GO-ESSP-TECH@ucar.edu">GO-ESSP-TECH@ucar.edu</a>
<a class="moz-txt-link-freetext" href="http://*mailman.ucar.edu/mailman/listinfo/go-essp-tech">http://*mailman.ucar.edu/mailman/listinfo/go-essp-tech</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Gavin M. Bell
Lawrence Livermore National Labs
--
"Never mistake a clear view for a short distance."
-Paul Saffo
(GPG Key - <a class="moz-txt-link-freetext" href="http://rainbow.llnl.gov/dist/keys/gavin.asc">http://rainbow.llnl.gov/dist/keys/gavin.asc</a>)
A796 CE39 9C31 68A4 52A7 1F6B 66B7 B250 21D5 6D3E
</pre>
</body>
</html>