Configuring a Globus version 1 installation to use the UK HEP CA
By RPM
If you have installed the UK HEP Globus RPM, completing the CA configuration by installing an additional RPM is the simplest method. Installing the RPM has the following effect:
- The client is configured so that grid-cert-request will generate UK HEP Testbed certificates.
- The server will accept both Globus and UK HEP certificates.
Manual Installation
First configure both the client and server to accept Globus Certificates
- Install the CA's public keyfile: 0ed6468a.0 in:
$GLOBUS_INSTALL/share/certificates $GLOBUS_DEPLOY/share/certificates
owned by the globus ID and chmod'd 644. Retain the name exactly as given - it is the hash of the key file. - Update the CA signing policy to accept the new CA by modifying:
$GLOBUS_INSTALL/share/certificates/ca-signing-policy.conf $GLOBUS_DEPLOY/share/certificates/ca-signing-policy.conf
At the end of the file, add:
# EACL entry #2| access_id_CA X509 '/O=Grid/O=UKHEP/CN=UK HEP Testbed CA' pos_rights globus CA:sign cond_subjects globus '"/O=Grid/O=UKHEP/*"'
To also generate certificate requests to the new UK HEP CA (The UK recommended configuration)
- Update the file: $GLOBUS_INSTALL/etc/globus-user-ssleay.conf
Replace the line:
1.organizationName_default = Globus by 1.organizationName_default = UKHEP
- Replace $GLOBUS_INSTALL/etc/grid-security.conf with the one provided.
Instructions for generating host certificates are also avalable
Last modified Wed 26 November 2003 . View page history
Switch to HTTPS . Website Help . Print View . Built with GridSite 1.4.3