1GRID-DEFAULT-CA(8)       Grid Community Toolkit Manual      GRID-DEFAULT-CA(8)
2
3
4

NAME

6       grid-default-ca - Select default CA for certificate requests
7

SYNOPSIS

9       grid-default-ca -help | -h | -usage | -u | -version | -versions
10
11       grid-default-ca [-ca CA-HASH | -list ] [OPTIONS]
12

DESCRIPTION

14       The grid-default-ca program sets the default certificate authority to
15       use when the grid-cert-request script is run. The CA’s certificate,
16       configuration, and signing policy must be installed in the trusted
17       certificate directory to be able to request certificates from that CA.
18       Note that some CAs have different policies and use other tools to
19       handle certificate requests. Please consult your CA’s support staff if
20       you unsure. The grid-default-ca is designed to work with CAs
21       implemented using the globus_simple_ca package.
22
23       By default, the grid-default-ca program displays a list of installed CA
24       certificates and the prompts the user for which one to set as the
25       default. If invoked with the -list command-line option, grid-default-ca
26       will print the list and not prompt nor set the default CA. If invoked
27       with the -ca option, it will not list or prompt, but set the default CA
28       to the one with the hash that matches the CA-HASH argument to that
29       option. If grid-default-ca is used to set the default CA, the caller of
30       this program must have write permissions to the trusted certificate
31       directory.
32
33       The grid-default-ca program sets the CA in the one of the grid security
34       directories. It looks in the directory named by the GRID_SECURITY_DIR
35       environment, the X509_CERT_DIR environment, /etc/grid-security and
36       $GLOBUS_LOCATION/share/certificates.
37

OPTIONS

39       The full set of command-line options to grid-default-ca are:
40
41       -help, -h, -usage, -u
42           Display the command-line options to grid-default-ca and exit.
43
44       -version, -versions
45           Display the version number of the grid-default-ca command. The
46           second form includes more details.
47
48       -dir CA-DIRECTORY
49           Use the trusted certificate directory named by CA-DIRECTORY instead
50           of the default.
51
52       -list
53           Instead of changing the default CA, print out a list of all
54           available CA certificates in the trusted certificate directory.
55
56       -ca CA-HASH
57           Set the default CA without displaying the list of choices or
58           prompting. The CA file named by CA-HASH must exist.
59

EXAMPLES

61       List the contents of the trusted certificate directory that contain the
62       string Example:
63
64           % grid-default-ca | grep Example
65           15) cd1186ff -  /DC=org/DC=Example/DC=Grid/CN=Example CA
66
67       Choose that CA as the default:
68
69           % grid-default-ca -ca cd1186ff
70           setting the default CA to: /DC=org/DC=Example/DC=Grid/CN=Example CA
71           linking /etc/grid-security/certificates/grid-security.conf.cd1186ff to
72                   /etc/grid-security/certificates/grid-security.conf
73           linking /etc/grid-security/certificates/grid-host-ssl.conf.cd1186ff  to
74                   /etc/grid-security/certificates/grid-host-ssl.conf
75           linking /etc/grid-security/certificates/grid-user-ssl.conf.cd1186ff  to
76                   /etc/grid-security/certificates/grid-user-ssl.conf
77           ...done.
78

ENVIRONMENT

80       The following environment variables affect the execution of
81       grid-default-ca: GRID_SECURITY_DIRECTORY:: Path to the default trusted
82       certificate directory. X509_CERT_DIR:: Path to the default trusted
83       certificate directory. GLOBUS_LOCATION:: Path to the Grid Community
84       Toolkit installation directory.
85

BUGS

87       The grid-default-ca program displays CAs from all of the directories in
88       its search list; however, grid-cert-request only uses the first which
89       contains a grid security configuration.
90
91       The grid-default-ca program may display the same CA multiple times if
92       it is located in multiple directories in its search path. However, it
93       does not provide any information about which one would actually be used
94       by the grid-cert-request command.
95

SEE ALSO

97       grid-cert-request(1)
98

AUTHOR

100       Copyright © 1999-2014 University of Chicago
101
102
103
104Grid Community Toolkit 6          03/31/2018                GRID-DEFAULT-CA(8)
Impressum