1GRID-DEFAULT-CA(8)              Globus Commands             GRID-DEFAULT-CA(8)
2
3
4

NAME

6       grid-default-ca - Select default CA for certificate requests
7

SYNOPSIS

9       grid-default-ca [-help] [-h] [-usage] [-u] [-version] [-versions]
10
11       grid-default-ca -list [-dir CA-DIRECTORY]
12
13       grid-default-ca [-ca CA-HASH] [-dir CA-DIRECTORY]
14

DESCRIPTION

16       The grid-default-ca program sets the default certificate authority to
17       use when the grid-cert-request script is run. The CA´s certificate,
18       configuration, and signing policy must be installed in the trusted
19       certificate directory to be able to request certificates from that CA.
20       Note that some CAs have different policies and use other tools to
21       handle certificate requests. Please consult your CA´s support staff if
22       you unsure. The grid-default-ca is designed to work with CAs
23       implemented using the globus_simple_ca package.
24
25       By default, the grid-default-ca program displays a list of installed CA
26       certificates and the prompts the user for which one to set as the
27       default. If invoked with the -list command-line option, grid-default-ca
28       will print the list and not prompt nor set the default CA. If invoked
29       with the -ca option, it will not list or prompt, but set the default CA
30       to the one with the hash that matches the CA-HASH argument to that
31       option. If grid-default-ca is used to set the default CA, the caller of
32       this program must have write permissions to the trusted certificate
33       directory.
34
35       The grid-default-ca program sets the CA in the one of the grid security
36       directories. It looks in the directory named by the GRID_SECURITY_DIR
37       environment, the X509_CERT_DIR, /etc/grid-security, and
38       $GLOBUS_LOCATION/share/certificates.
39
40       The full set of command-line options to grid-default-ca are:
41
42       -help, -h, -usage, -u
43           Display the command-line options to grid-default-ca and exit.
44
45       -version, -versions
46           Display the version number of the grid-default-ca command. The
47           second form includes more details.
48
49       -dir CA-DIRECTORY
50           Use the trusted certificate directory named by CA-DIRECTORY instead
51           of the default.
52
53       -list
54           Instead of changing the default CA, print out a list of all
55           available CA certificates in the trusted certificate directory
56
57       -ca CA-HASH
58           Set the default CA without displaying the list of choices or
59           prompting. The CA file named by CA-HASH must exist.
60

EXAMPLES

62       List the contents of the trusted certificate directory that contain the
63       string Example:
64
65           % grid-default-ca | grep Example
66           15) cd1186ff -  /DC=org/DC=Example/DC=Grid/CN=Example CA
67
68       Choose that CA as the default:
69
70           % grid-default-ca -ca cd1186ff
71
72           setting the default CA to: /DC=org/DC=Example/DC=Grid/CN=Example CA
73
74           linking /etc/grid-security/certificates/grid-security.conf.cd1186ff to
75                   /etc/grid-security/certificates/grid-security.conf
76
77           linking /etc/grid-security/certificates/grid-host-ssl.conf.cd1186ff  to
78                   /etc/grid-security/certificates/grid-host-ssl.conf
79
80           linking /etc/grid-security/certificates/grid-user-ssl.conf.cd1186ff  to
81                   /etc/grid-security/certificates/grid-user-ssl.conf
82
83           ...done.
84
85

ENVIRONMENT VARIABLES

87       The following environment variables affect the execution of
88       grid-default-ca:
89
90       GRID_SECURITY_DIRECTORY
91           Path to the default trusted certificate directory.
92
93       X509_CERT_DIR
94           Path to the default trusted certificate directory.
95
96       GLOBUS_LOCATION
97           Path to the Globus Toolkit installation directory.
98

BUGS

100       The grid-default-ca program displays CAs from all of the directories in
101       its search list; however, grid-cert-request only uses the first which
102       contains a grid security configuration.
103
104       The grid-default-ca program may display the same CA multiple times if
105       it is located in multiple directories in its search path. However, it
106       does not provide any information about which one would actually be used
107       by the grid-cert-request command.
108

SEE ALSO

110       grid-cert-request(1)
111

AUTHOR

113       University of Chicago
114
115
116
117Globus Toolkit 5.0.1              03/22/2010                GRID-DEFAULT-CA(8)
Impressum