GRID-CERT-DIAGNOST(1)           Globus Commands           GRID-CERT-DIAGNOST(1)

NAME
       grid-cert-diagnostics - Print diagnostic information about certificates
       and keys

SYNOPSIS
       grid-cert-diagnostics [-h] | [-help] [-p] [-n] [-c CERTIFICATE]

DESCRIPTION
       The grid-cert-diagnostics program displays information about the
       current user's security environment, including information about
       security-related environment variables, security directory search path,
       personal key and certificates, and trusted certificates. It is intended
       to provide information to help diagnose problems using GSIC.

       By default, grid-cert-diagnostics prints out information regarding the
       environment and trusted certificate directory. If the -p command-line
       option is used, then additional information about the current user's
       default certificate and key will be printed.

       The full set of command-line options to grid-cert-diagnostics consists
       of:

       -h, -help
           Display a help message and exit.

       -p
           Display information about the personal certificate and key that is
           the current user's default credential.

       -n
           Check time synchronization with the ntpdate command.

       -c CERTIFICATE, -c -
           Check the validity of the certificate in the file named by
           CERTIFICATE or standard input if the parameter to -c is -.

EXAMPLES
       In this example, we see the default mode of checking the default
       security environment for the system, without processing the user's key
       and certificate. Note that the user receives a warning about a
       cog.properties file and about an expired CA certificate.

           % grid-cert-diagnostics

           Checking Environment Variables
           ==============================
           Checking if X509_CERT_DIR is set... no
           Checking if X509_USER_CERT is set... no
           Checking if X509_USER_KEY is set... no
           Checking if X509_USER_PROXY is set... no

           Checking Security Directories
           =======================
           Determining trusted cert path... /etc/grid-security/certificates
           Checking for cog.properties... found
           WARNING: If the cog.properties file contains security properties,
           Java apps will ignore the security paths described in the GSI
           documentation

           Checking trusted certificates...
           ================================
           Getting trusted certificate list...
           Checking CA file /etc/grid-security/certificates/1c4f4c48.0... ok
           Verifying certificate chain for "/etc/grid-security/certificates/1c3f2ca8.0"... ok
           Checking CA file /etc/grid-security/certificates/9d8788eb.0... ok
           Verifying certificate chain for "/etc/grid-security/certificates/9d8753eb.0"... failed
           globus_credential: Error verifying credential: Failed to verify credential
           globus_gsi_callback_module: Could not verify credential
           globus_gsi_callback_module: The certificate has expired:
           Credential with subject: /DC=org/DC=example/OU=grid/CN=CA has expired.

       In this example, we show a user with a mismatched private key and
       certificate:

           % grid-cert-diagnostics -p

           Checking Environment Variables
           ==============================
           Checking if X509_CERT_DIR is set... no
           Checking if X509_USER_CERT is set... no
           Checking if X509_USER_KEY is set... no
           Checking if X509_USER_PROXY is set... no

           Checking Security Directories
           =======================
           Determining trusted cert path... /etc/grid-security/certificates
           Checking for cog.properties... not found

           Checking Default Credentials
           ==============================
           Determining certificate and key file names... ok
           Certificate Path: "/home/juser/.globus/usercert.pem"
           Key Path: "/home/juser/.globus/userkey.pem"
           Reading certificate... ok
           Reading private key...
           ok
           Checking Certificate Subject...
           "/O=Grid/OU=Example/OU=User/CN=Joe User"
           Checking cert... ok
           Checking key... ok
           Checking that certificate contains an RSA key... ok
           Checking that private key is an RSA key... ok
           Checking that public and private keys have the same modulus... failed
           Private key modulus: D294849E37F048C3B5ACEEF2CCDF97D88B679C361E29D5CB5
           219C3E948F3E530CFC609489759E1D751F0ACFF0515A614276A0F4C11A57D92D7165B8
           FA64E3140155DE448D45C182F4657DA13EDA288423F5B9D169DFF3822EFD81EB2E6403
           CE3CB4CCF96B65284D92592BB1673A18354DA241B9AFD7F494E54F63A93E15DCAE2
           Public key modulus : C002C7B329B13BFA87BAF214EACE3DC3D490165ACEB791790
           600708C544175D9193C9BAC5AED03B7CB49BB6AE6D29B7E635FAC751E9A6D1CEA98022
           6F1B63002902D6623A319E4682E7BFB0968DCE962CF218AAD95FAAD6A0BA5C42AA9AAF
           7FDD32B37C6E2B2FF0E311310AA55FFB9EAFDF5B995C7D9EEAD8D5D81F3531E0AE5
           Certificate and and private key don't match

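       The failed checks and warnings in both runs above can be picked out of
       the output mechanically. The Python parser below is an added example,
       not part of the Globus Toolkit or of the original page; its function
       names and the abridged, constructed SAMPLE text are assumptions, and
       it relies only on the output layout shown in the two examples.

```python
import re

# Constructed sample: abridged lines in the layout of the two example runs above.
SAMPLE = """\
Checking Security Directories
=======================
Checking for cog.properties... found
WARNING: If the cog.properties file contains security properties,
Checking trusted certificates...
================================
Getting trusted certificate list...
Verifying certificate chain for "/etc/grid-security/certificates/9d8753eb.0"... failed
globus_gsi_callback_module: The certificate has expired:

Checking Default Credentials
==============================
Reading private key...
ok
Checking that public and private keys have the same modulus... failed
Certificate and and private key don't match
"""

CHECK = re.compile(r"^(?P<name>.+?)\.{3}\s*(?P<result>.*)$")
STATUSES = {"ok", "failed", "no", "found", "not found"}  # status words seen on this page

def parse(text):
    """Split diagnostic output into checks: section, name, result, detail lines."""
    lines = [l.strip() for l in text.splitlines()]
    checks, section = [], None
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if not line or set(line) == {"="}:
            continue
        if nxt and set(nxt) == {"="}:  # underlined line: section heading
            section = line.rstrip(".")
            continue
        m = CHECK.match(line)
        if m:
            checks.append({"section": section, "name": m["name"],
                           "result": m["result"] or None, "detail": []})
        elif checks and checks[-1]["result"] is None and line in STATUSES:
            checks[-1]["result"] = line  # result printed on the following line
        elif checks:
            checks[-1]["detail"].append(line)  # error or warning text for that check
    return checks

def findings(checks):  # failed checks and checks that carry a WARNING line
    return [c for c in checks if c["result"] == "failed"
            or any(d.startswith("WARNING:") for d in c["detail"])]
```

       Feeding it the captured output of a real run, for example from a
       scheduled health check, yields one record per check with the
       toolkit's own error text attached to each failure.
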
AUTHOR
       University of Chicago

Globus Toolkit 5.0.2               04/25/2011               GRID-CERT-DIAGNOST(1)