Difference between revisions of "JGridstart/Dot-globus"

From PDP/Grid Wiki
Jump to navigationJump to search
m
m
Line 14: Line 14:
 
[http://www.arcs.org.au/products-services/authorisation-services/grix Grix] additionally uses the following files:
 
[http://www.arcs.org.au/products-services/authorisation-services/grix Grix] additionally uses the following files:
 
* <tt>usercert_request.pem</tt> - the original certificate signing request for the certificate
 
* <tt>usercert_request.pem</tt> - the original certificate signing request for the certificate
* <tt>usercert.p12</tt> -  
+
* <tt>usercert.p12</tt> - PKCS#12 file containing key and certificate
 
* <tt>(userkey|usercert_request|usercert).pem.new</tt> - key/csr/cert for pending renewal
 
* <tt>(userkey|usercert_request|usercert).pem.new</tt> - key/csr/cert for pending renewal
  

Revision as of 11:53, 20 May 2009

Globus has a convention for storing and retrieving the user's key and certificate. On unix and related systems, this is a directory ~/.globus . This page discusses the files that can be present.

  • userkey.pem - the user's private key in PEM format
  • usercert.pem - the user's public certificate in PEM format
  • cog.properties - security properties used by Globus CoG, allows customising the others (!) CogProperties /(JavaDoc)
  • certificates/ - CA certificates to replace system's location when present (also in CogProperties). This directory contains files named by the hash code of each CA identity (can be obtained by running openssl x509 -in yourcert.pem -noout -hash on the CA certificate [1])
    • <hash>.0 - CA certificate
    • <hash>.info - CA metadata [2]
    • <hash>.namespaces - signing policy namespace [3]
    • <hash>.signing_policy - GSI signing policy. The CA signing policy is used to place constraints on the information you trust a given CA to bind to public keys. Specifically it constrains the identities a CA is trusted to assert in a certificate.
    • <hash>.crl_url - URL of the corresponding certificate revocation list
    • <hash>.r0 - copy of the certificate revocation list

Grix additionally uses the following files:

  • usercert_request.pem - the original certificate signing request for the certificate
  • usercert.p12 - PKCS#12 file containing key and certificate
  • (userkey|usercert_request|usercert).pem.new - key/csr/cert for pending renewal

The Java CoG Kit Desktop additionally has the following files:

  • cogreq.txt - CoG registration information
  • desktop.properties - settings (Java properties file)

Additional files:

  • userrequest.pem - certificate signing request used by some

Location of ~/.globus

Unix and related: ~/.globus Windows: c:\Documents and Settings\[your username]\.globus

Links