Configuring a Globus version 2 installation to use the UK HEP CA

By default the grid-cert-request command will generate a certificate request to be signed by the Globus CA. If you wish to request certificates from the UK HEP Certificate Authority then you can set some defaults for grid-cert-request, either by installing ca_GridPP-local-0.8-1.noarch.rpm or by editing configuration files in the /etc/grid-security directory.

The first two files to be edited are:
/etc/grid-security/globus-user-ssl.conf
/etc/grid-security/globus-host-ssl.conf

These files contain configuration entries that define what will be included in the subject line of a certificate request. To alter the subject field you need to edit the section req_distinguished_name. The default section on a standard Globus 2 installation will be:
[ req_distinguished_name ]
# BEGIN CONFIG
0.organizationName = Level 0 Organization
0.organizationName_default = Grid
1.organizationName = Level 1 Organization
1.organizationName_default = Globus
.
.
.
# END CONFIG

which will generate a certificate subject starting /O=Grid/O=Globus. To generate subjects for the UK HEP CA, edit this section in both files to be as follows:

[ req_distinguished_name ]
# BEGIN CONFIG
0.organizationName = Level 0 Organization
0.organizationName_default = Grid
1.organizationName = Level 1 Organization
1.organizationName_default = UKHEP
0.organizationalUnitName = Level 0 Organizational Unit
0.organizationalUnitName_default = YOUR.DOMAIN.NAME
commonName = Name (e.g., John M. Smith)
commonName_max = 64
# END CONFIG

Make sure there are no trailing spaces on the configuration lines and that you set the YOUR.DOMAIN.NAME entry above as appropriate to your site or organization.
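The checks described above (no trailing spaces, YOUR.DOMAIN.NAME replaced, level 1 organization set to UKHEP) can be run mechanically before issuing grid-cert-request. The following is an added example, not part of the original page or of Globus; the function name check_ssl_conf is hypothetical, and it assumes the block is delimited by the "# BEGIN CONFIG" / "# END CONFIG" markers shown above.

```shell
#!/bin/sh
# Added example (not part of Globus): lint the req_distinguished_name
# block of globus-user-ssl.conf / globus-host-ssl.conf.
# check_ssl_conf is a hypothetical helper name. It assumes the block is
# delimited by "# BEGIN CONFIG" / "# END CONFIG" as shown on this page.
# Prints one line per problem; returns 0 if clean, 1 otherwise.
check_ssl_conf() {
    conf="$1"
    [ -r "$conf" ] || { echo "$conf: not readable"; return 1; }
    awk -v f="$conf" '
        /^# BEGIN CONFIG/ { inblk = 1; next }
        /^# END CONFIG/   { inblk = 0; next }
        !inblk            { next }
        /[ \t]+$/ {
            printf "%s:%d: trailing whitespace\n", f, NR; bad++
        }
        /YOUR\.DOMAIN\.NAME/ {
            printf "%s:%d: placeholder YOUR.DOMAIN.NAME not replaced\n", f, NR; bad++
        }
        /^1\.organizationName_default[ \t]*=/ {
            seen = 1
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
            if (v != "UKHEP") {
                printf "%s:%d: level 1 organization is %s, expected UKHEP\n", f, NR, v; bad++
            }
        }
        END {
            if (!seen) { printf "%s: 1.organizationName_default missing\n", f; bad++ }
            exit (bad > 0)
        }
    ' "$conf"
}

# Constructed sample input: an unedited placeholder and a trailing space.
demo=$(mktemp)
printf '%s\n' \
    '[ req_distinguished_name ]' \
    '# BEGIN CONFIG' \
    '0.organizationName_default = Grid' \
    '1.organizationName_default = UKHEP ' \
    '0.organizationalUnitName_default = YOUR.DOMAIN.NAME' \
    '# END CONFIG' > "$demo"
check_ssl_conf "$demo" || echo "fix the lines above before running grid-cert-request"
rm -f "$demo"
```

To check a real installation, call check_ssl_conf on each of the two files listed above.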

The final file to edit is:
/etc/grid-security/grid-security.conf

The email address quoted in certificate requests is read from this file. Edit the file such that the start of the file is as follows:
# These values are set by globus-setup
SETUP_GSI_HOST_BASE_DN=""
SETUP_GSI_USER_BASE_DN=""
SETUP_GSI_CA_NAME=""
SETUP_GSI_CA_EMAIL_ADDR=""

_domain=`${bindir}/globus-domainname`
DEFAULT_GSI_HOST_BASE_DN="o=UKHEP, o=Grid"
DEFAULT_GSI_USER_BASE_DN="ou=${_domain}, o=UKHEP, o=Grid"
DEFAULT_GSI_CA_NAME="UKHEP CA"
DEFAULT_GSI_CA_EMAIL_ADDR="ca@hep.grid.ac.uk"

# Distinguished Name (DN) of the Host

If you have a problem, email ca@hep.grid.ac.uk.


Last modified Wed 26 November 2003
For more about GridPP please contact Neasan O'Neill