1GRID-DEFAULT-CA(8) Globus Commands GRID-DEFAULT-CA(8)
2
6 grid-default-ca - Select default CA for certificate requests
7
9 grid-default-ca [-help] [-h] [-usage] [-u] [-version] [-versions]
10 grid-default-ca -list [-dir CA-DIRECTORY]
12 grid-default-ca [-ca CA-HASH] [-dir CA-DIRECTORY]
14
16 The grid-default-ca program sets the default certificate authority to
17 use when the grid-cert-request script is run. The CA´s certificate,
18 configuration, and signing policy must be installed in the trusted
19 certificate directory to be able to request certificates from that CA.
20 Note that some CAs have different policies and use other tools to
21 handle certificate requests. Please consult your CA´s support staff if
22 you unsure. The grid-default-ca is designed to work with CAs
23 implemented using the globus_simple_ca package.
24 By default, the grid-default-ca program displays a list of installed CA
26 certificates and the prompts the user for which one to set as the
27 default. If invoked with the -list command-line option, grid-default-ca
28 will print the list and not prompt nor set the default CA. If invoked
29 with the -ca option, it will not list or prompt, but set the default CA
30 to the one with the hash that matches the CA-HASH argument to that
31 option. If grid-default-ca is used to set the default CA, the caller of
32 this program must have write permissions to the trusted certificate
33 directory.
34 The grid-default-ca program sets the CA in the one of the grid security
36 directories. It looks in the directory named by the GRID_SECURITY_DIR
37 environment, the X509_CERT_DIR, /etc/grid-security, and
38 $GLOBUS_LOCATION/share/certificates.
39 The full set of command-line options to grid-default-ca are:
41 -help, -h, -usage, -u
43 Display the command-line options to grid-default-ca and exit.
44 -version, -versions
46 Display the version number of the grid-default-ca command. The
47 second form includes more details.
48 -dir CA-DIRECTORY
50 Use the trusted certificate directory named by CA-DIRECTORY instead
51 of the default.
52 -list
54 Instead of changing the default CA, print out a list of all
55 available CA certificates in the trusted certificate directory
56 -ca CA-HASH
58 Set the default CA without displaying the list of choices or
59 prompting. The CA file named by CA-HASH must exist.
60
62 List the contents of the trusted certificate directory that contain the
63 string Example:
64 % grid-default-ca | grep Example
66 15) cd1186ff - /DC=org/DC=Example/DC=Grid/CN=Example CA
67 Choose that CA as the default:
69 % grid-default-ca -ca cd1186ff
71 setting the default CA to: /DC=org/DC=Example/DC=Grid/CN=Example CA
73 linking /etc/grid-security/certificates/grid-security.conf.cd1186ff to
75 /etc/grid-security/certificates/grid-security.conf
76 linking /etc/grid-security/certificates/grid-host-ssl.conf.cd1186ff to
78 /etc/grid-security/certificates/grid-host-ssl.conf
79 linking /etc/grid-security/certificates/grid-user-ssl.conf.cd1186ff to
81 /etc/grid-security/certificates/grid-user-ssl.conf
82 ...done.
84
87 The following environment variables affect the execution of
88 grid-default-ca:
89 GRID_SECURITY_DIRECTORY
91 Path to the default trusted certificate directory.
92 X509_CERT_DIR
94 Path to the default trusted certificate directory.
95 GLOBUS_LOCATION
97 Path to the Globus Toolkit installation directory.
98
100 The grid-default-ca program displays CAs from all of the directories in
101 its search list; however, grid-cert-request only uses the first which
102 contains a grid security configuration.
103 The grid-default-ca program may display the same CA multiple times if
105 it is located in multiple directories in its search path. However, it
106 does not provide any information about which one would actually be used
107 by the grid-cert-request command.
108
110 grid-cert-request(1)
111
113 University of Chicago
114Globus Toolkit 5.0.1 03/22/2010 GRID-DEFAULT-CA(8)