Difference between revisions of "JGridstart/Dot-globus"

From PDP/Grid Wiki
Jump to navigationJump to search
(add links)
Line 4: Line 4:
 
* <tt>usercert.pem</tt> - the user's public certificate in PEM format
 
* <tt>usercert.pem</tt> - the user's public certificate in PEM format
 
* <tt>cog.properties</tt> - security properties used by [http://www-unix.globus.org/toolkit/cog.html Globus CoG], allows customising the others (!) [http://viewcvs.globus.org/viewcvs.cgi/jglobus/src/org/globus/common/CoGProperties.java?root=Java+COG&view=markup CogProperties] /([http://www-unix.globus.org/cog/distribution/1.4/api/org/globus/common/CoGProperties.html JavaDoc])
 
* <tt>cog.properties</tt> - security properties used by [http://www-unix.globus.org/toolkit/cog.html Globus CoG], allows customising the others (!) [http://viewcvs.globus.org/viewcvs.cgi/jglobus/src/org/globus/common/CoGProperties.java?root=Java+COG&view=markup CogProperties] /([http://www-unix.globus.org/cog/distribution/1.4/api/org/globus/common/CoGProperties.html JavaDoc])
* <tt>certificates/</tt> - CA certificates to replace system's location when present (also in CogProperties)
+
* <tt>certificates/</tt> - CA certificates to replace system's location when present (also in CogProperties). This directory contains files named by the hash code of each CA identity:
 +
** <tt>&lt;hash&gt;.0</tt> - CA certificate
 +
** <tt>&lt;hash&gt;.info</tt> -
 +
** <tt>&lt;hash&gt;.namespaces</tt> -
 +
** <tt>&lt;hash&gt;.signing_policy</tt> - GSI signing policy. The CA signing policy is used to place constraints on the information you trust a given CA to bind to public keys. Specifically it constrains the identities a CA is trusted to assert in a certificate.
 +
** <tt>&lt;hash&gt;.crl_url</tt> - URL of the corresponding [http://en.wikipedia.org/wiki/Certificate_revocation_list certificate revocation list]
 +
** <tt>&lt;hash&gt;.r0</tt> - copy of the [http://en.wikipedia.org/wiki/Certificate_revocation_list certificate revocation list]
  
 
==Location of <tt>~/.globus</tt>==
 
==Location of <tt>~/.globus</tt>==
Line 14: Line 20:
 
** [http://globus.org/toolkit/docs/latest-stable/security/gsic/pi/#gsic-env-var Environment variables and locations for globus C API]
 
** [http://globus.org/toolkit/docs/latest-stable/security/gsic/pi/#gsic-env-var Environment variables and locations for globus C API]
 
* [http://www.ci.uchicago.edu/~benc/wits/security.html Security and Certificates on the Grid]
 
* [http://www.ci.uchicago.edu/~benc/wits/security.html Security and Certificates on the Grid]
 +
* [https://wiki.aaf.edu.au/display/esecurity/Interoperability+tests Interoperability tests of AAF PKI Pilot and APAC Grid]

Revision as of 10:00, 20 May 2009

Globus has a convention for storing and retrieving the user's key and certificate. On unix and related systems, this is a directory ~/.globus . This page discusses the files that can be present.

  • userkey.pem - the user's private key in PEM format
  • usercert.pem - the user's public certificate in PEM format
  • cog.properties - security properties used by Globus CoG, allows customising the others (!) CogProperties /(JavaDoc)
  • certificates/ - CA certificates to replace system's location when present (also in CogProperties). This directory contains files named by the hash code of each CA identity:
    • <hash>.0 - CA certificate
    • <hash>.info -
    • <hash>.namespaces -
    • <hash>.signing_policy - GSI signing policy. The CA signing policy is used to place constraints on the information you trust a given CA to bind to public keys. Specifically it constrains the identities a CA is trusted to assert in a certificate.
    • <hash>.crl_url - URL of the corresponding certificate revocation list
    • <hash>.r0 - copy of the certificate revocation list

Location of ~/.globus

Unix and related: ~/.globus Windows: c:\Documents and Settings\[your username]\.globus

Links