[Go-essp-tech] Call for CA and OpenID Trust root Certificates

Alex Sim asim at lbl.gov
Fri Aug 6 10:04:56 MDT 2010


 I hate to bring this up again, but the DN format has to work out
without GlobusTest in it.

-- Alex


On 8/6/10 8:49 AM, neillm at mcs.anl.gov wrote:
> Hello,
>
> Thanks to everyone that has submitted their certificate information!  At the moment, I have a list of MyProxy and OpenID trusted certificates listed here:
>
> http://www.ci.uchicago.edu/wiki/bin/view/ESGProject/ESGFederationTrustRoots
>
> While this page is obviously not complete, please verify that the certificates that you've sent appear in the listings.  I'd like to know roughly how many more I should be expecting before moving on to fill in the other details as well, so if you know you haven't sent yours in yet, please let me know (off-list is fine).
>
> thanks,
> -Neill.
>
> ----- Original Message -----
> From: neillm at mcs.anl.gov
> To: go-essp-tech at ucar.edu
> Sent: Tuesday, August 3, 2010 10:58:29 AM GMT -06:00 US/Canada Central
> Subject: [Go-essp-tech] Call for CA and OpenID Trust root Certificates
>
> Hello,
>
> As discussed on the call just now, I need all OpenID trust root certificates in addition to the hostname of the machine.
>
> For anyone that has already submitted theirs (i.e. Luca, Phil), if there are helpful commands that you can share with others, please do so in follow-up to this.
>
> A helpful page that shows commands for working with your Java key/trust store is here:
>
> http://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html
>
> I also need everyone managing a MyProxy CA to send me their CA certificates.  If you're running a MyProxy CA, there are 2 simple ways to find out which certs are needed (please pick one, not both):
>
> 1) Log in to the MyProxy CA host and run "ls -al ~/.globus/simpleCA/" as the user that runs the CA.
>
> In this listing, you'll see a file called "globus_simple_ca_XXXXXXXX_setup-0.20.tar.gz" where XXXXXXXX is a hash of the CA certificate.  Please send the files /etc/grid-security/certificates/XXXXXXXX.0 and /etc/grid-security/certificates/XXXXXXXX.signing_policy as well as the hostname of the CA machine.
>
> 2) Another method of finding which cert to send is to run the "grid-default-ca" program:
>
> --------------------------------------------------------------------
> $GLOBUS_LOCATION/bin/grid-default-ca 
>
> The available CA configurations installed on this host are:
>
> Directory: /etc/grid-security/certificates
>
> 1) 0ba75d15 -  /O=Grid/OU=GlobusTest2/OU=simpleCA-vm-125-66.ci.uchicago.edu/CN=Globus Simple CA
> 2) 1c3f2ca8 -  /DC=org/DC=DOEGrids/OU=Certificate Authorities/CN=DOEGrids CA 1
> 3) 3de8c5e9 -  /O=Grid/OU=GlobusTest/OU=simpleCA-vm-125-67.ci.uchicago.edu/CN=Globus Simple CA
> 4) 519bfbae -  /O=Grid/OU=GlobusTest/OU=simpleCA-vm-125-66.ci.uchicago.edu/CN=Globus Simple CA
> 5) 6349a761 -  /O=DOE Science Grid/OU=Certificate Authorities/CN=Certificate Manager
> 6) 9388e5cb -  /O=Grid/OU=GlobusTest/OU=simpleCA-pcmdi3.llnl.gov/CN=Globus Simple CA
> 7) 9d8753eb -  /DC=net/DC=es/OU=Certificate Authorities/OU=DOE Science Grid/CN=pki1
> 8) d1b603c3 -  /DC=net/DC=ES/O=ESnet/OU=Certificate Authorities/CN=ESnet Root CA 1
> 9) ecdb249f -  /O=Grid/OU=GlobusTest/OU=simpleCA-esgdev.ci.uchicago.edu/CN=Globus Simple CA
>
>
> The default CA is: /O=Grid/OU=GlobusTest2/OU=simpleCA-vm-125-66.ci.uchicago.edu/CN=Globus Simple CA
>          Location: /etc/grid-security/certificates/0ba75d15.0
>
> Enter the index number of the CA to set as the default [q to quit]
> --------------------------------------------------------------------
>
> To avoid changing anything, press "q" to quit.
>
> Near the bottom, we are told which CA is currently our default.  Please send the file located at the listed "Location" in addition to the XXXXXXXX.signing_policy file located in the same directory.  Please also send the DN listed with that file and the hostname of the CA machine.
>
> IMPORTANT: For the MyProxy CA certificates, I need both the ".0" AND the ".signing_policy" files together.  Please also send the machine's hostname.
>
> -Neill.
> _______________________________________________
> GO-ESSP-TECH mailing list
> GO-ESSP-TECH at ucar.edu
> http://mailman.ucar.edu/mailman/listinfo/go-essp-tech
>
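
A pre-submission check for the trust-root files requested in the quoted message, as an added example that is not part of the original thread: for every `<hash>.0` file in a certificates directory it confirms the matching `.signing_policy` is present and flags a CA DN that still contains `GlobusTest`. It assumes the usual signing_policy layout with an `access_id_CA X509 '<DN>'` line; the function names, hashes, DNs and hostnames in the sample are constructed.

```shell
#!/bin/sh
# Added example: check a grid trust-root directory before sending files.
# Prints one line per <hash>.0 file: "<hash> <STATUS> [CA DN]".
# The certificate itself is not parsed; the DN is read from the policy file.

check_trust_roots() {
    dir=$1
    rc=0
    for cert in "$dir"/*.0; do
        [ -e "$cert" ] || continue            # directory holds no *.0 files
        hash=$(basename "$cert" .0)
        policy="$dir/$hash.signing_policy"
        if [ ! -f "$policy" ]; then
            echo "$hash MISSING_POLICY"       # ".0" without its policy file
            rc=1
            continue
        fi
        # The policy names its CA as: access_id_CA X509 '<subject DN>'
        dn=$(sed -n "s/^[[:space:]]*access_id_CA[[:space:]]\{1,\}X509[[:space:]]\{1,\}'\(.*\)'.*/\1/p" "$policy" | head -n 1)
        case $dn in
            '')           echo "$hash NO_CA_DN";    rc=1 ;;
            *GlobusTest*) echo "$hash TEST_DN $dn"; rc=1 ;;
            *)            echo "$hash OK $dn" ;;
        esac
    done
    return $rc
}

# Constructed sample directory (hashes, DNs and hostnames are made up).
make_sample_dir() {
    d=$(mktemp -d) || return 1
    : > "$d/aaaa1111.0"; : > "$d/bbbb2222.0"; : > "$d/cccc3333.0"
    cat > "$d/aaaa1111.signing_policy" <<'EOF'
access_id_CA   X509    '/O=Grid/OU=GlobusTest/OU=simpleCA-ca1.example.org/CN=Globus Simple CA'
pos_rights     globus  CA:sign
cond_subjects  globus  '"/O=Grid/OU=GlobusTest/OU=simpleCA-ca1.example.org/*"'
EOF
    cat > "$d/bbbb2222.signing_policy" <<'EOF'
access_id_CA   X509    '/O=ExampleGrid/OU=simpleCA-ca2.example.org/CN=Example CA'
pos_rights     globus  CA:sign
cond_subjects  globus  '"/O=ExampleGrid/OU=simpleCA-ca2.example.org/*"'
EOF
    echo "$d"
}

sample=$(make_sample_dir)
check_trust_roots "$sample" || true   # non-zero status: something to fix
rm -rf "$sample"
```

On a real CA host the function would be pointed at `/etc/grid-security/certificates`.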

