[Go-essp-tech] Call for CA and OpenID Trust root Certificates
Cinquini, Luca (3880)
Luca.Cinquini at jpl.nasa.gov
Tue Aug 3 10:17:22 MDT 2010
Hi Neill,
in the interest of sharing, I used the following command to download the gateway SSL certificate in pem format:
echo | openssl s_client -connect esg-gateway.jpl.nasa.gov:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > esg-gateway.jpl.nasa.pem
thanks, Luca
On Aug 3, 2010, at 9:58 AM, <neillm at mcs.anl.gov> wrote:
> Hello,
>
> As discussed on the call just now, I need all OpenID trust root certificates in addition to the hostname of the machine.
>
> For anyone that has already submitted theirs (i.e. Luca, Phil), if there are helpful commands that you can share with others, please do so in follow-up to this.
>
> A helpful page that shows commands for working with your java key/trust store is here:
>
> http://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html
>
> I also need everyone managing a MyProxy CA to send me their CA certificates. If you're running a MyProxy CA, there are 2 simple ways to find out which certs are needed (please pick one, not both):
>
> 1) Login to the MyProxy CA host and run "ls -al ~/.globus/simpleCA/" as the user that runs the CA.
>
> In this listing, you'll see a file called "globus_simple_ca_XXXXXXXX_setup-0.20.tar.gz" where XXXXXXXX is a hash of the CA certificate. Please send the files /etc/grid-security/certificates/XXXXXXXX.0 and /etc/grid-security/certificates/XXXXXXXX.signing_policy as well as the hostname of the CA machine.
>
> 2) Another method of finding which cert to send is to run the "grid-default-ca" program:
>
> --------------------------------------------------------------------
> $GLOBUS_LOCATION/bin/grid-default-ca
>
> The available CA configurations installed on this host are:
>
> Directory: /etc/grid-security/certificates
>
> 1) 0ba75d15 - /O=Grid/OU=GlobusTest2/OU=simpleCA-vm-125-66.ci.uchicago.edu/CN=Globus Simple CA
> 2) 1c3f2ca8 - /DC=org/DC=DOEGrids/OU=Certificate Authorities/CN=DOEGrids CA 1
> 3) 3de8c5e9 - /O=Grid/OU=GlobusTest/OU=simpleCA-vm-125-67.ci.uchicago.edu/CN=Globus Simple CA
> 4) 519bfbae - /O=Grid/OU=GlobusTest/OU=simpleCA-vm-125-66.ci.uchicago.edu/CN=Globus Simple CA
> 5) 6349a761 - /O=DOE Science Grid/OU=Certificate Authorities/CN=Certificate Manager
> 6) 9388e5cb - /O=Grid/OU=GlobusTest/OU=simpleCA-pcmdi3.llnl.gov/CN=Globus Simple CA
> 7) 9d8753eb - /DC=net/DC=es/OU=Certificate Authorities/OU=DOE Science Grid/CN=pki1
> 8) d1b603c3 - /DC=net/DC=ES/O=ESnet/OU=Certificate Authorities/CN=ESnet Root CA 1
> 9) ecdb249f - /O=Grid/OU=GlobusTest/OU=simpleCA-esgdev.ci.uchicago.edu/CN=Globus Simple CA
>
>
> The default CA is: /O=Grid/OU=GlobusTest2/OU=simpleCA-vm-125-66.ci.uchicago.edu/CN=Globus Simple CA
> Location: /etc/grid-security/certificates/0ba75d15.0
>
> Enter the index number of the CA to set as the default [q to quit]
> --------------------------------------------------------------------
>
> To avoid changing anything, press "q" to quit.
>
> Near the bottom, we are told which CA is currently our default. Please send the file located at the listed "Location" in addition to the XXXXXXXX.signing_policy file located in the same directory. Please also send the DN listed with that file and the hostname of the CA machine.
>
> IMPORTANT: For the MyProxy CA certificates, I need both the ".0" AND the ".signing_policy" files together. Please also send the machine's hostname.
>
> -Neill.
> _______________________________________________
> GO-ESSP-TECH mailing list
> GO-ESSP-TECH at ucar.edu
> http://mailman.ucar.edu/mailman/listinfo/go-essp-tech
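Added example, not part of the original thread or of the Globus tooling: a pre-flight check that every `XXXXXXXX.0` file in a trusted-CA directory has its `XXXXXXXX.signing_policy` alongside, and that prints the CA DN to send with the pair. The function names and the sample directory are made up for illustration, and the script assumes the signing_policy file carries the DN on an `access_id_CA X509 '...'` line.

```shell
#!/bin/sh
# ca_dn FILE: print the CA subject DN taken from the access_id_CA line.
ca_dn() {
    sed -n "s/^[[:space:]]*access_id_CA[[:space:]]\{1,\}X509[[:space:]]\{1,\}'\(.*\)'[[:space:]]*\$/\1/p" "$1" | head -n 1
}

# check_ca_dir DIR: one status line per <hash>.0 file.
# Returns 1 if any CA lacks a usable signing_policy, 0 otherwise.
check_ca_dir() {
    dir=$1
    rc=0
    for cert in "$dir"/*.0; do
        [ -e "$cert" ] || continue              # glob matched nothing
        hash=$(basename "$cert" .0)
        case $hash in *[!0-9a-f]*) continue ;; esac
        [ ${#hash} -eq 8 ] || continue          # only 8-hex-digit CA hashes
        policy="$dir/$hash.signing_policy"
        if [ ! -s "$policy" ]; then             # absent or empty
            echo "$hash MISSING signing_policy"
            rc=1
            continue
        fi
        dn=$(ca_dn "$policy")
        if [ -z "$dn" ]; then
            echo "$hash BAD no access_id_CA line in signing_policy"
            rc=1
        else
            echo "$hash OK $dn"
        fi
    done
    return $rc
}

# make_sample_dir: build a constructed sample directory (placeholder files,
# not real CA material) and print its path.
make_sample_dir() {
    d=$(mktemp -d)
    echo "placeholder, not a real certificate" > "$d/0ba75d15.0"
    echo "placeholder, not a real certificate" > "$d/519bfbae.0"
    cat > "$d/0ba75d15.signing_policy" <<'EOF'
 access_id_CA   X509   '/O=Grid/OU=GlobusTest2/OU=simpleCA-vm-125-66.ci.uchicago.edu/CN=Globus Simple CA'
 pos_rights     globus CA:sign
 cond_subjects  globus '"/O=Grid/OU=GlobusTest2/*"'
EOF
    echo "$d"
}

sample=$(make_sample_dir)
check_ca_dir "$sample" || echo "incomplete CA pairs found"
rm -rf "$sample"
```

On a real host the call would be `check_ca_dir /etc/grid-security/certificates`.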