GRID-CA-CREATE(1)          Grid Community Toolkit Manual          GRID-CA-CREATE(1)

NAME
    grid-ca-create - Create a CA to sign certificates for use on a grid

SYNOPSIS
    grid-ca-create [ -h | -help | -usage | -version | -versions ] [ -openssl-help ]

    grid-ca-create [ OPTIONS ] [ OPENSSL-OPTIONS ]

DESCRIPTION
    The grid-ca-create program creates a self-signed CA certificate and
    related files needed to use the CA with other Globus tools. The
    grid-ca-create program prompts for information to use to generate the
    CA certificate, but the prompts may be avoided by using the command
    line options.

    By default, the grid-ca-create program creates the self-signed CA
    certificate, installs it on the current machine in its trusted
    certificate directory, and creates a source tarball which can be used
    to generate an RPM package for the CA. If the RPM package is installed
    on a machine, users on that machine can create certificate requests for
    user, host, or service identity certificates to be signed by the CA
    certificate generated by running grid-ca-create.

    If run as a privileged user, the grid-ca-create program creates the CA
    certificate and support files in the CA certificate and signing policy
    are installed in the /etc/grid-security directory. Otherwise, the files
    are

OPTIONS
    The full set of command-line options to grid-ca-create follows. In
    addition to these, unknown options will be passed to the openssl
    command when creating the self-signed certificate.

    -help, -h, -usage
        Display the command-line options to grid-ca-create and exit.

    -version, -versions
        Display the version number of the grid-ca-create command. The
        second form includes more details.

    -force
        Overwrite existing CA in the destination directory if one exists.

    -bits BITS
        Create a CA certificate with a BITS-bit RSA key [default: 4096].

    -noint
        Run in non-interactive mode. Parameters take the values specified
        on the command line, or their defaults, without prompting. This
        option also implies -force.

    -dir DIRECTORY
        Create the CA in DIRECTORY. The DIRECTORY must not exist prior to
        running grid-ca-create.

    -subject SUBJECT
        Use SUBJECT as the subject name of the self-signed CA to create. If
        this is not specified on the command-line, grid-ca-create will
        default to using the subject name cn=Globus Simple CA,
        ou=$HOSTNAME, ou=GlobusTest, o=Grid.

    -email ADDRESS
        Use ADDRESS as the email address of the CA. The default
        instructions generated by grid-ca-create tell users to mail the
        certificate request to this address. If this is not specified on
        the command-line, grid-ca-create will default to
        $LOGNAME@$HOSTNAME.

    -days DAYS
        Set the default lifetime of the self-signed CA certificate to DAYS.
        If not set, the grid-ca-create program will default to 1825 days (5
        years).

    -pass PASSWORD
        Use the string PASSWORD to protect the CA’s private key. This is
        useful for automating Simple CA, but may make it easier to
        compromise the CA if someone obtains a shell on the machine storing
        the CA’s private key.

    -nobuild
        Disable building a source tarball for distributing the CA’s public
        information to other machines. The source tarball can be created
        later by using the grid-ca-package command.

EXAMPLES
    Create a simple CA in $HOME/SimpleCA:

        % grid-ca-create -noint -dir $HOME/SimpleCA

        C e r t i f i c a t e A u t h o r i t y S e t u p

        This script will setup a Certificate Authority for signing Globus
        users certificates. It will also generate a simple CA package
        that can be distributed to the users of the CA.

        The CA information about the certificates it distributes will
        be kept in:

        /home/juser/SimpleCA

        The unique subject name for this CA is:

        cn=Globus Simple CA, ou=simpleCA-grid.example.org, ou=GlobusTest, o=Grid

        Insufficient permissions to install CA into the trusted certifiicate
        directory (tried ${sysconfdir}/grid-security/certificates and
        ${datadir}/certificates)
        Creating RPM source tarball... done
        globus_simple_ca_0146c503.tar.gz

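    Added example, not part of the Grid Community Toolkit manual: a POSIX
    shell check that a CA certificate is self-signed, has at least the
    requested -bits, does not outlive -days, and that its private key file
    is closed to group and other. The function names and the CERT and KEY
    path arguments are assumptions; pass the paths of your own CA files.

```shell
#!/bin/sh
# Added example: audit a CA certificate and its private key file.
# Usage: audit_ca CERT KEY [MIN_BITS] [MAX_DAYS]
# CERT and KEY are caller-supplied paths (assumption: the manual page does
# not name the files grid-ca-create writes). The defaults for MIN_BITS and
# MAX_DAYS mirror the documented -bits and -days defaults.

_check() {  # _check LABEL COMMAND...: run COMMAND, print ok/FAIL for LABEL
    label=$1; shift
    if "$@" >/dev/null 2>&1; then
        echo "ok    $label"
    else
        echo "FAIL  $label"; audit_rc=1
    fi
}

_not() { ! "$@"; }  # invert a command's exit status

audit_ca() {
    cert=$1; key=$2; min_bits=${3:-4096}; max_days=${4:-1825}
    audit_rc=0

    # Self-signed: subject and issuer are identical. The differing fallback
    # words make the comparison fail when openssl could not read CERT.
    subj=$(openssl x509 -in "$cert" -noout -subject 2>/dev/null | sed 's/^subject= *//')
    issr=$(openssl x509 -in "$cert" -noout -issuer 2>/dev/null | sed 's/^issuer= *//')
    _check "self-signed (${subj:-unreadable})" test "${subj:-missing}" = "${issr:-absent}"

    # Public key size as printed in the certificate's text form.
    bits=$(openssl x509 -in "$cert" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p')
    _check "key size ${bits:-unknown} bits, minimum $min_bits" test "${bits:-0}" -ge "$min_bits"

    # -checkend N succeeds when the certificate is still valid N seconds from now.
    _check "not expired" openssl x509 -in "$cert" -noout -checkend 0
    _check "expires within $max_days days" \
        _not openssl x509 -in "$cert" -noout -checkend "$(($max_days * 86400))"

    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$key" 2>/dev/null | cut -c5-10)
    _check "private key closed to group/other (${perms:-missing})" test "$perms" = "------"

    return "$audit_rc"
}

# Run the audit when the script is called with at least CERT and KEY.
if [ "$#" -ge 2 ]; then audit_ca "$@"; fi
```
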
ENVIRONMENT
    The following environment variables affect the execution of
    grid-ca-create:

    GLOBUS_LOCATION
        Non-standard installation path of the Grid Community Toolkit.

SEE ALSO
    grid-cert-request(1), grid-ca-sign(1), grid-default-ca(1),
    grid-ca-package(1)

AUTHOR
    Copyright © 1999-2014 University of Chicago

Grid Community Toolkit 6              06/03/2020              GRID-CA-CREATE(1)