Difference between revisions of "JGridstart/Dot-globus"
From PDP/Grid Wiki
Jump to navigationJump to search|  (add template) | |||
| (7 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| − | [http://www.globus.org/ Globus] has a convention for storing and retrieving the user's key and certificate. On unix and related systems, this is a directory ~/.globus . This page discusses the files that can be present. | + | {{JGridstart}}[http://www.globus.org/ Globus] has a convention for storing and retrieving the user's key and certificate. On unix and related systems, this is a directory ~/.globus . This page discusses the files that can be present. | 
| * <tt>userkey.pem</tt> - the user's private key in PEM format | * <tt>userkey.pem</tt> - the user's private key in PEM format | ||
| * <tt>usercert.pem</tt> - the user's public certificate in PEM format | * <tt>usercert.pem</tt> - the user's public certificate in PEM format | ||
| * <tt>cog.properties</tt> - security properties used by [http://www-unix.globus.org/toolkit/cog.html Globus CoG], allows customising the others (!) [http://viewcvs.globus.org/viewcvs.cgi/jglobus/src/org/globus/common/CoGProperties.java?root=Java+COG&view=markup CogProperties] /([http://www-unix.globus.org/cog/distribution/1.4/api/org/globus/common/CoGProperties.html JavaDoc]) | * <tt>cog.properties</tt> - security properties used by [http://www-unix.globus.org/toolkit/cog.html Globus CoG], allows customising the others (!) [http://viewcvs.globus.org/viewcvs.cgi/jglobus/src/org/globus/common/CoGProperties.java?root=Java+COG&view=markup CogProperties] /([http://www-unix.globus.org/cog/distribution/1.4/api/org/globus/common/CoGProperties.html JavaDoc]) | ||
| − | * <tt>certificates/</tt> - CA certificates to replace system's location when present (also in CogProperties). This directory contains files named by the hash code of each CA identity: | + | * <tt>certificates/</tt> - CA certificates to replace system's location when present (also in CogProperties). This directory contains files named by the hash code of each CA identity (can be obtained by running <tt>openssl x509 -in yourcert.pem -noout -hash</tt> on the CA certificate [http://globus.org/toolkit/docs/2.4/admin/guide-configure.html]) | 
| ** <tt><hash>.0</tt> - CA certificate | ** <tt><hash>.0</tt> - CA certificate | ||
| − | ** <tt><hash>.info</tt> - | + | ** <tt><hash>.info</tt> - CA metadata [http://lists.canarie.ca/pipermail/tagpma-general/2007-July/001848.html] | 
| − | ** <tt><hash>.namespaces</tt> -   | + | ** <tt><hash>.namespaces</tt> - signing policy namespace [http://forge.gridforum.org/sf/sfmain/do/downloadAttachment/projects.caops-wg/wiki/HomePage?id=atch4420] | 
| ** <tt><hash>.signing_policy</tt> - GSI signing policy. The CA signing policy is used to place constraints on the information you trust a given CA to bind to public keys. Specifically it constrains the identities a CA is trusted to assert in a certificate. | ** <tt><hash>.signing_policy</tt> - GSI signing policy. The CA signing policy is used to place constraints on the information you trust a given CA to bind to public keys. Specifically it constrains the identities a CA is trusted to assert in a certificate. | ||
| ** <tt><hash>.crl_url</tt> - URL of the corresponding [http://en.wikipedia.org/wiki/Certificate_revocation_list certificate revocation list] | ** <tt><hash>.crl_url</tt> - URL of the corresponding [http://en.wikipedia.org/wiki/Certificate_revocation_list certificate revocation list] | ||
| ** <tt><hash>.r0</tt> - copy of the [http://en.wikipedia.org/wiki/Certificate_revocation_list certificate revocation list] | ** <tt><hash>.r0</tt> - copy of the [http://en.wikipedia.org/wiki/Certificate_revocation_list certificate revocation list] | ||
| + | |||
| + | [http://www.arcs.org.au/products-services/authorisation-services/grix Grix] additionally uses the following files: | ||
| + | * <tt>usercert_request.pem</tt> - the original certificate signing request for the certificate | ||
| + | * <tt>usercert.p12</tt> - PKCS#12 file containing key and certificate | ||
| + | * <tt>(userkey|usercert_request|usercert).pem.new</tt> - key/csr/cert for pending renewal | ||
| + | |||
| + | The [http://wiki.cogkit.org/index.php/Java_CoG_Kit#Java_CoG_Kit_Desktop_.28prototype.29 Java CoG Kit Desktop] additionally has the following files: | ||
| + | * <tt>cogreq.txt</tt> - CoG registration information | ||
| + | * <tt>desktop.properties</tt> - settings (Java properties file) | ||
| + | |||
| + | [http://jgridstart.nikhef.nl/ jGridstart] and/or the [https://ca.dutchgrid.nl/ DutchGrid CA] use the following in their scripts | ||
| + | * <tt>userrequest.pem</tt> - the original certificate signing request for the certificate | ||
| + | * <tt>userinfo.properties</tt> - jGridstart settings (Java properties file) | ||
| ==Location of <tt>~/.globus</tt>== | ==Location of <tt>~/.globus</tt>== | ||
Latest revision as of 12:39, 29 March 2012
<sidebar>
- jGridstart
- JGridstart|Home
- JGridstart/Help|Help
- JGridstart/Support|Support
 
- jGridstart for ...
- JGridstart/Certificate_Authorities|Certificate Authorities
- JGridstart/Developers|Developers
 
</sidebar>Globus has a convention for storing and retrieving the user's key and certificate. On unix and related systems, this is a directory ~/.globus . This page discusses the files that can be present.
- userkey.pem - the user's private key in PEM format
- usercert.pem - the user's public certificate in PEM format
- cog.properties - security properties used by Globus CoG, allows customising the others (!) CogProperties /(JavaDoc)
- certificates/ - CA certificates to replace system's location when present (also in CogProperties). This directory contains files named by the hash code of each CA identity (can be obtained by running openssl x509 -in yourcert.pem -noout -hash on the CA certificate [1])
- <hash>.0 - CA certificate
- <hash>.info - CA metadata [2]
- <hash>.namespaces - signing policy namespace [3]
- <hash>.signing_policy - GSI signing policy. The CA signing policy is used to place constraints on the information you trust a given CA to bind to public keys. Specifically it constrains the identities a CA is trusted to assert in a certificate.
- <hash>.crl_url - URL of the corresponding certificate revocation list
- <hash>.r0 - copy of the certificate revocation list
 
Grix additionally uses the following files:
- usercert_request.pem - the original certificate signing request for the certificate
- usercert.p12 - PKCS#12 file containing key and certificate
- (userkey|usercert_request|usercert).pem.new - key/csr/cert for pending renewal
The Java CoG Kit Desktop additionally has the following files:
- cogreq.txt - CoG registration information
- desktop.properties - settings (Java properties file)
jGridstart and/or the DutchGrid CA use the following in their scripts
- userrequest.pem - the original certificate signing request for the certificate
- userinfo.properties - jGridstart settings (Java properties file)
Location of ~/.globus
Unix and related: ~/.globus Windows: c:\Documents and Settings\[your username]\.globus
