[Go-essp-tech] Call for CA and OpenID Trust root Certificates

Cinquini, Luca (3880) Luca.Cinquini at jpl.nasa.gov
Tue Aug 3 10:17:22 MDT 2010


Hi Neill,
in the interest of sharing, I used the following command to download the gateway SSL certificate in PEM format:

echo | openssl s_client -connect esg-gateway.jpl.nasa.gov:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > esg-gateway.jpl.nasa.pem

thanks, Luca

On Aug 3, 2010, at 9:58 AM, <neillm at mcs.anl.gov> wrote:

> Hello,
> 
> As discussed on the call just now, I need all OpenID trust root certificates in addition to the hostname of the machine.
> 
> For anyone that has already submitted theirs (i.e. Luca, Phil), if there are helpful commands that you can share with others, please do so in follow-up to this.
> 
> A helpful page that shows commands for working with your java key/trust store is here:
> 
> http://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html
> 
> I also need everyone managing a MyProxy CA to send me their CA certificates.  If you're running a MyProxy CA, there are 2 simple ways to find out which certs are needed (please pick one, not both):
> 
> 1) Login to the MyProxy CA host and run "ls -al ~/.globus/simpleCA/" as the user that runs the CA.
> 
> In this listing, you'll see a file called "globus_simple_ca_XXXXXXXX_setup-0.20.tar.gz" where XXXXXXXX is a hash of the CA certificate.  Please send the files /etc/grid-security/certificates/XXXXXXXX.0 and /etc/grid-security/certificates/XXXXXXXX.signing_policy as well as the hostname of the CA machine.
> 
> 2) Another method of finding which cert to send is to run the "grid-default-ca" program:
> 
> --------------------------------------------------------------------
> $GLOBUS_LOCATION/bin/grid-default-ca 
> 
> The available CA configurations installed on this host are:
> 
> Directory: /etc/grid-security/certificates
> 
> 1) 0ba75d15 -  /O=Grid/OU=GlobusTest2/OU=simpleCA-vm-125-66.ci.uchicago.edu/CN=Globus Simple CA
> 2) 1c3f2ca8 -  /DC=org/DC=DOEGrids/OU=Certificate Authorities/CN=DOEGrids CA 1
> 3) 3de8c5e9 -  /O=Grid/OU=GlobusTest/OU=simpleCA-vm-125-67.ci.uchicago.edu/CN=Globus Simple CA
> 4) 519bfbae -  /O=Grid/OU=GlobusTest/OU=simpleCA-vm-125-66.ci.uchicago.edu/CN=Globus Simple CA
> 5) 6349a761 -  /O=DOE Science Grid/OU=Certificate Authorities/CN=Certificate Manager
> 6) 9388e5cb -  /O=Grid/OU=GlobusTest/OU=simpleCA-pcmdi3.llnl.gov/CN=Globus Simple CA
> 7) 9d8753eb -  /DC=net/DC=es/OU=Certificate Authorities/OU=DOE Science Grid/CN=pki1
> 8) d1b603c3 -  /DC=net/DC=ES/O=ESnet/OU=Certificate Authorities/CN=ESnet Root CA 1
> 9) ecdb249f -  /O=Grid/OU=GlobusTest/OU=simpleCA-esgdev.ci.uchicago.edu/CN=Globus Simple CA
> 
> 
> The default CA is: /O=Grid/OU=GlobusTest2/OU=simpleCA-vm-125-66.ci.uchicago.edu/CN=Globus Simple CA
>         Location: /etc/grid-security/certificates/0ba75d15.0
> 
> Enter the index number of the CA to set as the default [q to quit]
> --------------------------------------------------------------------
> 
> To avoid changing anything, press "q" to quit.
> 
> Near the bottom, we are told which CA is currently our default.  Please send the file located at the listed "Location" in addition to the XXXXXXXX.signing_policy file located in the same directory.  Please also send the DN listed with that file and the hostname of the CA machine.
> 
> IMPORTANT: For the MyProxy CA certificates, I need both the ".0" AND the ".signing_policy" files together.  Please also send the machine's hostname.
> 
> -Neill.
> _______________________________________________
> GO-ESSP-TECH mailing list
> GO-ESSP-TECH at ucar.edu
> http://mailman.ucar.edu/mailman/listinfo/go-essp-tech
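
Added example, not part of the original thread: a POSIX shell check for the two-file requirement in the quoted message (XXXXXXXX.0 together with XXXXXXXX.signing_policy). The function names, the script name and the sample hashes aaaa1111/bbbb2222 are constructed for illustration; describe_cert assumes OpenSSL 1.0.0 or later is installed.

```shell
#!/bin/sh
# Added example (not from the original thread). Checks a Globus trusted-CA
# directory for complete HASH.0 / HASH.signing_policy pairs before sending.

# check_ca_pairs DIR
# One line per certificate: "OK HASH" or "MISSING_POLICY HASH".
# Returns 0 only when every HASH.0 has its HASH.signing_policy beside it.
check_ca_pairs() {
    dir=$1
    rc=0
    for cert in "$dir"/*.0; do
        [ -e "$cert" ] || continue        # glob matched nothing
        ca_hash=$(basename "$cert" .0)
        if [ -f "$dir/$ca_hash.signing_policy" ]; then
            echo "OK $ca_hash"
        else
            echo "MISSING_POLICY $ca_hash"
            rc=1
        fi
    done
    return "$rc"
}

# describe_cert FILE
# Prints the DN, expiry and SHA-256 fingerprint so the recipient can confirm
# the file out of band. Both hash forms are printed because OpenSSL 1.0.0
# changed the subject-hash algorithm; a file named by an older OpenSSL
# matches -subject_hash_old, not -subject_hash.
describe_cert() {
    openssl x509 -in "$1" -noout -subject -enddate -fingerprint -sha256 \
        -subject_hash -subject_hash_old
}

# make_sample_dir: constructed directory with placeholder (empty) files,
# used only to exercise check_ca_pairs without real certificates.
make_sample_dir() {
    d=$(mktemp -d)
    : > "$d/aaaa1111.0"; : > "$d/aaaa1111.signing_policy"
    : > "$d/bbbb2222.0"                  # policy file deliberately absent
    echo "$d"
}

# Usage: sh check_ca.sh /etc/grid-security/certificates
if [ "$#" -gt 0 ]; then
    check_ca_pairs "$1" || echo "incomplete pairs found" >&2
    for f in "$1"/*.0; do [ -e "$f" ] && describe_cert "$f"; done
fi
```

The fingerprint printed by describe_cert also applies to a certificate saved with the s_client command at the top of this message, since that download is not authenticated by itself.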


