[Go-essp-tech] MyPRoxy Certs to Keystore/Truststore Conversion...?
philip.kershaw at stfc.ac.uk
philip.kershaw at stfc.ac.uk
Wed Jan 27 06:45:14 MST 2010
Hi Gavin,
It should be possible to put into a simple script. Openssl can be used to convert the certificates returned by MyProxy from PEM format to DER ready for import with keytool e.g.
$ openssl x509 -inform pem -in my_ca.pem -outform der -out my_ca.der
$ keytool -import -alias my_ca -file my_ca.der -keystore keystorename -storepass keystorepassword
Cheers,
Phil
> -----Original Message-----
> From: go-essp-tech-bounces at ucar.edu [mailto:go-essp-tech-
> bounces at ucar.edu] On Behalf Of Gavin M Bell
> Sent: 26 January 2010 18:34
> To: go-essp-tech at ucar.edu
> Subject: [Go-essp-tech] MyPRoxy Certs to Keystore/Truststore
> Conversion...?
>
> Hello Gentle-people,
>
> It was a very good telcon today about security and everyone's hard work
> with getting this key aspect of the project done. During the call I
> think we had decided on having keys be managed via MyProxy and it's
> built in facilities and then using a conversion tool to transform the
> MyProxy certs into a Java keystore/truststore file.
>
> Who is going to be doing that? And what is the time frame? And where
> is
> that code going to live?
>
> I ask because I would like to incorporate it into the data-node script
> such that one could easily create an up-to-date keystore/truststore
> during installation, and have the script be called in a cronjob to
> maintain these files as was suggested.
>
>
>
> --
> Gavin M. Bell
> Lawrence Livermore National Labs
> --
>
> "Never mistake a clear view for a short distance."
> -Paul Saffo
>
> (GPG Key - http://rainbow.llnl.gov/dist/keys/gavin.asc)
>
> A796 CE39 9C31 68A4 52A7 1F6B 66B7 B250 21D5 6D3E
> _______________________________________________
> GO-ESSP-TECH mailing list
> GO-ESSP-TECH at ucar.edu
> http://mailman.ucar.edu/mailman/listinfo/go-essp-tech
--
Scanned by iCritical.
More information about the GO-ESSP-TECH
mailing list