Difference between revisions of "JGridstart/Dot-globus"

Globus has a convention for storing and retrieving the user's key and certificate. On unix and related systems, this is a directory ~/.globus . This page discusses the files that can be present.

• userkey.pem - the user's private key in PEM format
• usercert.pem - the user's public certificate in PEM format
• cog.properties - security properties used by Globus CoG, allows customising the others (!) CogProperties /(JavaDoc)
• certificates/ - CA certificates to replace system's location when present (also in CogProperties). This directory contains files named by the hash code of each CA identity (can be obtained by running openssl x509 -in yourcert.pem -noout -hash on the CA certificate [1])
  • <hash>.0 - CA certificate
  • <hash>.info - CA metadata [2]
  • <hash>.namespaces - signing policy namespace [3]
  • <hash>.signing_policy - GSI signing policy. The CA signing policy is used to place constraints on the information you trust a given CA to bind to public keys. Specifically it constrains the identities a CA is trusted to assert in a certificate.
  • <hash>.crl_url - URL of the corresponding certificate revocation list
  • <hash>.r0 - copy of the certificate revocation list

Grix additionally uses the following files:

• usercert_request.pem - the original certificate signing request for the certificate
• usercert.p12 -
• (userkey|usercert_request|usercert).pem.new - key/csr/cert for pending renewal

The Java CoG Kit Desktop additionally has the following files:

• cogreq.txt - CoG registration information
• desktop.properties - settings (Java properties file)

Additional files:

• userrequest.pem - certificate signing request used by some

Location of ~/.globus

Unix and related: ~/.globus Windows: c:\Documents and Settings\[your username]\.globus

Links

• Globus security
  • Environment variables and locations for globus C API
• Security and Certificates on the Grid
• Interoperability tests of AAF PKI Pilot and APAC Grid