GRID-CA-CREATE(1)        Grid Community Toolkit Manual       GRID-CA-CREATE(1)

NAME

       grid-ca-create - Create a CA to sign certificates for use on a grid

SYNOPSIS

       grid-ca-create [ -h | -help | -usage | -version | -versions ] [
       -openssl-help]

       grid-ca-create [ OPTIONS ] [ OPENSSL-OPTIONS ]

DESCRIPTION

       The grid-ca-create program creates a self-signed CA certificate and
       related files needed to use the CA with other Globus tools. The
       grid-ca-create program prompts for information to use to generate the
       CA certificate, but the prompts may be avoided by using the command
       line options.

       By default, the grid-ca-create program creates the self-signed CA
       certificate, installs it on the current machine in its trusted
       certificate directory, and creates a source tarball which can be used
       to generate an RPM package for the CA. If the RPM package is installed
       on a machine, users on that machine can create certificate requests for
       user, host, or service identity certificates to be signed by the CA
       certificate generated by running grid-ca-create.

       If run as a privileged user, the grid-ca-create program creates the CA
       certificate and support files in the CA certificate and signing policy
       are installed in the /etc/grid-security directory. Otherwise, the files
       are

OPTIONS

       The full set of command-line options to grid-ca-create follows. In
       addition to these, unknown options will be passed to the openssl
       command when creating the self-signed certificate.

       -help, -h, -usage
           Display the command-line options to grid-ca-create and exit.

       -version, -versions
           Display the version number of the grid-ca-create command. The
           second form includes more details.

       -force
           Overwrite existing CA in the destination directory if one exists.

       -bits BITS
           Create a CA certificate with a BITS long RSA key [4096]

       -noint
           Run in non-interactive mode. This will choose defaults for
           parameters or those specified on the command line without
           prompting. This option also implies -force.

       -dir DIRECTORY
           Create the CA in DIRECTORY. The DIRECTORY must not exist prior to
           running grid-ca-create.

       -subject SUBJECT
           Use SUBJECT as the subject name of the self-signed CA to create. If
           this is not specified on the command-line, grid-ca-create will
           default to using the subject name cn=Globus Simple CA,
           ou=$HOSTNAME, ou=GlobusTest, o=Grid.

       -email ADDRESS
           Use ADDRESS as the email address of the CA. The default
           instructions generated by grid-ca-create tell users to mail the
           certificate request to this address. If this is not specified on
           the command-line, grid-ca-create will default to
           $LOGNAME@$HOSTNAME.

       -days DAYS
           Set the default lifetime of the self-signed CA certificate to DAYS.
           If not set, the grid-ca-create program will default to 1825 days (5
           years).

       -pass PASSWORD
           Use the string PASSWORD to protect the CA’s private key. This is
           useful for automating Simple CA, but may make it easier to
           compromise the CA if someone obtains a shell on the machine storing
           the CA’s private key.

       -nobuild
           Disable building a source tarball for distributing the CA’s public
           information to other machines. The source tarball can be created
           later by using the grid-ca-package command.

       -g
           Create a binary GPT package containing the new CA’s public
           information. The package will be created in the current working
           directory. This package can be deployed with the gpt-install
           tool.

       -b
           Create a binary GPT package containing the new CA’s public
           information that is backward-compatible with GPT 3.2. Packages
           created in this manner will work with Globus Toolkit 2.0.0-5.0.x.

EXAMPLES

       Create a simple CA in $HOME/SimpleCA:

           % grid-ca-create -noint -dir $HOME/SimpleCA

           C e r t i f i c a t e    A u t h o r i t y    S e t u p

           This script will setup a Certificate Authority for signing Globus
           users certificates.  It will also generate a simple CA package
           that can be distributed to the users of the CA.

           The CA information about the certificates it distributes will
           be kept in:

           /home/juser/SimpleCA

           The unique subject name for this CA is:

           cn=Globus Simple CA, ou=simpleCA-grid.example.org, ou=GlobusTest, o=Grid

           Insufficient permissions to install CA into the trusted certifiicate
           directory (tried ${sysconfdir}/grid-security/certificates and
           ${datadir}/certificates)
           Creating RPM source tarball... done
             globus_simple_ca_0146c503.tar.gz
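
       A scripted invocation that checks the -dir constraint and key
       parameters before calling the tool. This wrapper is an added
       illustration, not part of the Grid Community Toolkit; safe_ca_create,
       CA_CREATE_BIN and the MIN_BITS floor of 2048 are assumptions of the
       example.

```shell
#!/bin/sh
# Added example (not part of the Grid Community Toolkit).
# safe_ca_create DIR SUBJECT EMAIL [DAYS] [BITS]
# Returns 1 if DIR is unusable, 2 if DAYS or BITS are invalid; otherwise
# returns the exit status of grid-ca-create.

# Example's own variable (hypothetical): lets a test substitute the tool.
CA_CREATE_BIN=${CA_CREATE_BIN:-grid-ca-create}
# Assumption: local policy floor, not a limit enforced by grid-ca-create.
MIN_BITS=2048

safe_ca_create() {
    dir=$1; subject=$2; email=$3
    days=${4:-1825}; bits=${5:-4096}   # defaults documented in OPTIONS

    # -dir requires that DIRECTORY does not exist yet. Checking here keeps a
    # scripted run from reaching for -force to get past an existing CA.
    if [ -z "$dir" ] || [ -e "$dir" ] || [ -L "$dir" ]; then
        echo "refusing: target '$dir' is empty or already exists" >&2
        return 1
    fi

    # DAYS and BITS must be plain positive integers.
    for n in "$days" "$bits"; do
        case $n in
            ''|*[!0-9]*|0*)
                echo "not a positive integer: '$n'" >&2
                return 2 ;;
        esac
    done
    if [ "$bits" -lt "$MIN_BITS" ]; then
        echo "key size $bits is below the local minimum $MIN_BITS" >&2
        return 2
    fi

    # -noint is left out because it implies -force; -pass is left out so the
    # key passphrase never appears in a script or on a command line.
    "$CA_CREATE_BIN" -dir "$dir" -subject "$subject" -email "$email" \
                     -days "$days" -bits "$bits"
}

# Usage (constructed values):
#   safe_ca_create "$HOME/SimpleCA" "cn=Example CA, o=Grid" ca@example.org
```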

ENVIRONMENT

       The following environment variables affect the execution of
       grid-ca-create:

       GLOBUS_LOCATION
           Non-standard installation path of the Grid Community Toolkit.

SEE ALSO

       grid-cert-request(1), grid-ca-sign(1), grid-default-ca(1),
       grid-ca-package(1)

AUTHOR

       Copyright © 1999-2014 University of Chicago

Grid Community Toolkit 6          03/31/2018                 GRID-CA-CREATE(1)