[Go-essp-tech] MyPRoxy Certs to Keystore/Truststore Conversion...?

Gavin M Bell gavin at llnl.gov
Wed Jan 27 11:57:20 MST 2010 

Philip,

Thank you for the info and being explicit with the exact command line.
thanks!  I can quite easily integrate that into the esg-node script to
execute these lines.  I will have to ping you when I get to putting this
in for a bit more details (If I can't figure it out myself) about
exactly what and where MyProxy calls it's keys. Thanks again!


philip.kershaw at stfc.ac.uk wrote:
> Hi Gavin,
> 
> It should be possible to put into a simple script.  Openssl can be used to convert the certificates returned by MyProxy from PEM format to DER ready for import with keytool e.g.
> 
> $ openssl x509 -inform pem -in my_ca.pem -outform der -out my_ca.der
> $ keytool -import -alias my_ca -file my_ca.der -keystore keystorename -storepass keystorepassword
> 
> Cheers,
> Phil
>> -----Original Message-----
>> From: go-essp-tech-bounces at ucar.edu [mailto:go-essp-tech-
>> bounces at ucar.edu] On Behalf Of Gavin M Bell
>> Sent: 26 January 2010 18:34
>> To: go-essp-tech at ucar.edu
>> Subject: [Go-essp-tech] MyPRoxy Certs to Keystore/Truststore
>> Conversion...?
>>
>> Hello Gentle-people,
>>
>> It was a very good telcon today about security and everyone's hard work
>> with getting this key aspect of the project done.  During the call I
>> think we had decided on having keys be managed via MyProxy and it's
>> built in facilities and then using a conversion tool to transform the
>> MyProxy certs into a Java keystore/truststore file.
>>
>> Who is going to be doing that?  And what is the time frame? And where
>> is
>> that code going to live?
>>
>> I ask because I would like to incorporate it into the data-node script
>> such that one could easily create an up-to-date keystore/truststore
>> during installation, and have the script be called in a cronjob to
>> maintain these files as was suggested.
>>
>>
>>
>> --
>> Gavin M. Bell
>> Lawrence Livermore National Labs
>> --
>>
>>  "Never mistake a clear view for a short distance."
>>        	       -Paul Saffo
>>
>> (GPG Key - http://*rainbow.llnl.gov/dist/keys/gavin.asc)
>>
>>  A796 CE39 9C31 68A4 52A7  1F6B 66B7 B250 21D5 6D3E
>> _______________________________________________
>> GO-ESSP-TECH mailing list
>> GO-ESSP-TECH at ucar.edu
>> http://*mailman.ucar.edu/mailman/listinfo/go-essp-tech

-- 
Gavin M. Bell
Lawrence Livermore National Labs
--

 "Never mistake a clear view for a short distance."
       	       -Paul Saffo

(GPG Key - http://rainbow.llnl.gov/dist/keys/gavin.asc)

 A796 CE39 9C31 68A4 52A7  1F6B 66B7 B250 21D5 6D3E

More information about the GO-ESSP-TECH mailing list