[Go-essp-tech] Call for CA and OpenID Trust root Certificates
neillm at mcs.anl.gov
neillm at mcs.anl.gov
Fri Aug 6 09:49:34 MDT 2010
Hello,
Thanks to everyone that has submitted their certificate information! At the moment, I have a list of MyProxy and OpenID trusted certificates listed here:
http://www.ci.uchicago.edu/wiki/bin/view/ESGProject/ESGFederationTrustRoots
While this page is obviously not complete, please verify that the certificates that you've sent appear in the listings. I'd like to know roughly how many more I should be expecting before moving on to fill in the other details as well, so if you know you haven't sent yours in yet, please let me know (off-list is fine).
thanks,
-Neill.
----- Original Message -----
From: neillm at mcs.anl.gov
To: go-essp-tech at ucar.edu
Sent: Tuesday, August 3, 2010 10:58:29 AM GMT -06:00 US/Canada Central
Subject: [Go-essp-tech] Call for CA and OpenID Trust root Certificates
Hello,
As discussed on the call just now, I need all OpenID trust root certificates in addition to the hostname of the machine.
For anyone that has already submitted theirs (i.e. Luca, Phil), if there are helpful commands that you can share with others, please do so in follow-up to this.
A helpful page that shows commands for working with your java key/trust store is here:
http://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html
I also need everyone managing a MyProxy CA to send me their CA certificates. If you're running a MyProxy CA, there are 2 simple ways to find out which certs are needed (please pick one, not both):
1) Login to the MyProxy CA host and run "ls -al ~/.globus/simpleCA/" as the user that runs the CA.
In this listing, you'll see a file called "globus_simple_ca_XXXXXXXX_setup-0.20.tar.gz" where XXXXXXXX is a hash of the CA certificate. Please send the files /etc/grid-security/certificates/XXXXXXXX.0 and /etc/grid-security/certificates/XXXXXXXX.signing_policy as well as the hostname of the CA machine.
2) Another method of finding which cert to send is to run the "grid-default-ca" program:
--------------------------------------------------------------------
$GLOBUS_LOCATION/bin/grid-default-ca
The available CA configurations installed on this host are:
Directory: /etc/grid-security/certificates
1) 0ba75d15 - /O=Grid/OU=GlobusTest2/OU=simpleCA-vm-125-66.ci.uchicago.edu/CN=Globus Simple CA
2) 1c3f2ca8 - /DC=org/DC=DOEGrids/OU=Certificate Authorities/CN=DOEGrids CA 1
3) 3de8c5e9 - /O=Grid/OU=GlobusTest/OU=simpleCA-vm-125-67.ci.uchicago.edu/CN=Globus Simple CA
4) 519bfbae - /O=Grid/OU=GlobusTest/OU=simpleCA-vm-125-66.ci.uchicago.edu/CN=Globus Simple CA
5) 6349a761 - /O=DOE Science Grid/OU=Certificate Authorities/CN=Certificate Manager
6) 9388e5cb - /O=Grid/OU=GlobusTest/OU=simpleCA-pcmdi3.llnl.gov/CN=Globus Simple CA
7) 9d8753eb - /DC=net/DC=es/OU=Certificate Authorities/OU=DOE Science Grid/CN=pki1
8) d1b603c3 - /DC=net/DC=ES/O=ESnet/OU=Certificate Authorities/CN=ESnet Root CA 1
9) ecdb249f - /O=Grid/OU=GlobusTest/OU=simpleCA-esgdev.ci.uchicago.edu/CN=Globus Simple CA
The default CA is: /O=Grid/OU=GlobusTest2/OU=simpleCA-vm-125-66.ci.uchicago.edu/CN=Globus Simple CA
Location: /etc/grid-security/certificates/0ba75d15.0
Enter the index number of the CA to set as the default [q to quit]
--------------------------------------------------------------------
To avoid changing anything, press "q" to quit.
Near the bottom, we are told which CA is currently our default. Please send the file located at the listed "Location" in addition to the XXXXXXXX.signing_policy file located in the same directory. Please also send the DN listed with that file and the hostname of the CA machine.
IMPORTANT: For the MyProxy CA certificates, I need both the ".0" AND the ".signing_policy" files together. Please also send the machine's hostname.
-Neill.
_______________________________________________
GO-ESSP-TECH mailing list
GO-ESSP-TECH at ucar.edu
http://mailman.ucar.edu/mailman/listinfo/go-essp-tech
More information about the GO-ESSP-TECH
mailing list