[Go-essp-tech] Call for CA and OpenID Trust root Certificates

Gavin M. Bell gavin at llnl.gov
Tue Aug 3 11:25:14 MDT 2010 

 The same command works with pcmdi3 as well :-)
(Thanks Luca!)


On 8/3/10 9:17 AM, Cinquini, Luca (3880) wrote:
> Hi Neill,
> 	in the interest of sharing, I used the following command to download the gateway SSL certificate in pem format:
>
> echo | openssl s_client -connect esg-gateway.jpl.nasa.gov:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > esg-gateway.jpl.nasa.pem
>
> thanks, Luca
>
> On Aug 3, 2010, at 9:58 AM, <neillm at mcs.anl.gov> wrote:
>
>> Hello,
>>
>> As discussed on the call just now, I need all OpenID trust root certificates in addition to the hostname of the machine.
>>
>> For anyone that has already submitted theirs (i.e. Luca, Phil), if there are helpful commands that you can share with others, please do so in follow-up to this.
>>
>> A helpful page that shows commands for working with your java key/trust store is here:
>>
>> http://*www.*sslshopper.com/article-most-common-java-keytool-keystore-commands.html
>>
>> I also need everyone managing a MyProxy CA to send me their CA certificates.  If you're running a MyProxy CA, there are 2 simple ways to find out which certs are needed (please pick one, not both):
>>
>> 1) Login to the MyProxy CA host and run "ls -al ~/.globus/simpleCA/" as the user that runs the CA.
>>
>> In this listing, you'll see a file called "globus_simple_ca_XXXXXXXX_setup-0.20.tar.gz" where XXXXXXXX is a hash of the CA certificate.  Please send the files /etc/grid-security/certificates/XXXXXXXX.0 and /etc/grid-security/certificates/XXXXXXXX.signing_policy as well as the hostname of the CA machine.
>>
>> 2) Another method of finding which cert to send is to run the "grid-default-ca" program:
>>
>> --------------------------------------------------------------------
>> $GLOBUS_LOCATION/bin/grid-default-ca 
>>
>> The available CA configurations installed on this host are:
>>
>> Directory: /etc/grid-security/certificates
>>
>> 1) 0ba75d15 -  /O=Grid/OU=GlobusTest2/OU=simpleCA-vm-125-66.ci.uchicago.edu/CN=Globus Simple CA
>> 2) 1c3f2ca8 -  /DC=org/DC=DOEGrids/OU=Certificate Authorities/CN=DOEGrids CA 1
>> 3) 3de8c5e9 -  /O=Grid/OU=GlobusTest/OU=simpleCA-vm-125-67.ci.uchicago.edu/CN=Globus Simple CA
>> 4) 519bfbae -  /O=Grid/OU=GlobusTest/OU=simpleCA-vm-125-66.ci.uchicago.edu/CN=Globus Simple CA
>> 5) 6349a761 -  /O=DOE Science Grid/OU=Certificate Authorities/CN=Certificate Manager
>> 6) 9388e5cb -  /O=Grid/OU=GlobusTest/OU=simpleCA-pcmdi3.llnl.gov/CN=Globus Simple CA
>> 7) 9d8753eb -  /DC=net/DC=es/OU=Certificate Authorities/OU=DOE Science Grid/CN=pki1
>> 8) d1b603c3 -  /DC=net/DC=ES/O=ESnet/OU=Certificate Authorities/CN=ESnet Root CA 1
>> 9) ecdb249f -  /O=Grid/OU=GlobusTest/OU=simpleCA-esgdev.ci.uchicago.edu/CN=Globus Simple CA
>>
>>
>> The default CA is: /O=Grid/OU=GlobusTest2/OU=simpleCA-vm-125-66.ci.uchicago.edu/CN=Globus Simple CA
>>         Location: /etc/grid-security/certificates/0ba75d15.0
>>
>> Enter the index number of the CA to set as the default [q to quit]
>> --------------------------------------------------------------------
>>
>> To avoid changing anything, press "q" to quit.
>>
>> Near the bottom, we are told which CA is currently our default.  Please send the file located at the listed "Location" in addition to the XXXXXXXX.signing_policy file located in the same directory.  Please also send the DN listed with that file and the hostname of the CA machine.
>>
>> IMPORTANT: For the MyProxy CA certificates, I need both the ".0" AND the ".signing_policy" files together.  Please also send the machine's hostname.
>>
>> -Neill.
>> _______________________________________________
>> GO-ESSP-TECH mailing list
>> GO-ESSP-TECH at ucar.edu
>> http://*mailman.ucar.edu/mailman/listinfo/go-essp-tech
> _______________________________________________
> GO-ESSP-TECH mailing list
> GO-ESSP-TECH at ucar.edu
> http://*mailman.ucar.edu/mailman/listinfo/go-essp-tech
>
>

-- 
Gavin M. Bell
Lawrence Livermore National Labs
--

 "Never mistake a clear view for a short distance."
       	       -Paul Saffo

(GPG Key - http://rainbow.llnl.gov/dist/keys/gavin.asc)

 A796 CE39 9C31 68A4 52A7  1F6B 66B7 B250 21D5 6D3E

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ucar.edu/pipermail/go-essp-tech/attachments/20100803/44e0d07f/attachment.html

More information about the GO-ESSP-TECH mailing list