grid-ca-create (1) Linux Manual Page
grid-ca-create – Create a CA to sign certificates for use on a grid
Synopsis
grid-ca-create [ -h | -help | -usage | -version | -versions ] [ -openssl-help ]
grid-ca-create [ OPTIONS ] [ OPENSSL-OPTIONS ]
Description
The grid-ca-create program creates a self-signed CA certificate and related files needed to use the CA with other Globus tools. The grid-ca-create program prompts for information to use to generate the CA certificate, but the prompts may be avoided by using the command line options.
By default, the grid-ca-create program creates the self-signed CA certificate, installs it on the current machine in its trusted certificate directory, and creates a source tarball which can be used to generate an RPM package for the CA. If the RPM package is installed on a machine, users on that machine can create certificate requests for user, host, or service identity certificates to be signed by the CA certificate generated by running grid-ca-create.
If run as a privileged user, the grid-ca-create program creates the CA certificate and support files in the CA certificate and signing policy are installed in the /etc/grid-security directory. Otherwise, the files are
Options
The full set of command-line options to grid-ca-create follows. In addition to these, unknown options will be passed to the openssl command when creating the self-signed certificate.
-help, -h, -usage
- Display the command-line options to grid-ca-create and exit.
-version, -versions
- Display the version number of the grid-ca-create command. The second form includes more details.
-force
- Overwrite existing CA in the destination directory if one exists.
-bits BITS
- Create a CA certificate with a BITS long RSA key [4096]
-noint
- Run in non-interactive mode. This will choose defaults for parameters or those specified on the command line without prompting. This option also implies -force.
-dir DIRECTORY
- Create the CA in DIRECTORY. The DIRECTORY must not exist prior to running grid-ca-create.
-subject SUBJECT
- Use SUBJECT as the subject name of the self-signed CA to create. If this is not specified on the command-line, grid-ca-create will default to using the subject name cn=Globus Simple CA, ou=$HOSTNAME, ou=GlobusTest, o=Grid.
-email ADDRESS
- Use ADDRESS as the email address of the CA. The default instructions generated by grid-ca-create tell users to mail the certificate request to this address. If this is not specified on the command-line, grid-ca-create will default to $LOGNAME@$HOSTNAME.
-days DAYS
- Set the default lifetime of the self-signed CA certificate to DAYS. If not set, the grid-ca-create program will default to 1825 days (5 years).
-pass PASSWORD
- Use the string PASSWORD to protect the CA’s private key. This is useful for automating Simple CA, but may make it easier to compromise the CA if someone obtains a shell on the machine storing the CA’s private key.
-nobuild
- Disable building a source tarball for distributing the CA’s public information to other machines. The source tarball can be created later by using the grid-ca-package command.
-g
- Create a binary GPT package containing the new CA’s public information. The package will be created in the current working directory. This package can be deployed with the gpt-install tool.
-b
- Create a binary GPT package containing the new CA’s public information that is backward-compatible with GPT 3.2. Packages created in this manner will work with Globus Toolkit 2.0.0-5.0.x.
Examples
Create a simple CA in $HOME/SimpleCA:
% grid-ca-create -noint -dir $HOME/SimpleCA
C e r t i f i c a t e A u t h o r i t y S e t u p
This script will setup a Certificate Authority for signing Globus
users certificates. It will also generate a simple CA package
that can be distributed to the users of the CA.
The CA information about the certificates it distributes will
be kept in:
/home/juser/SimpleCA
The unique subject name for this CA is:
cn=Globus Simple CA, ou=simpleCA-grid.example.org, ou=GlobusTest, o=Grid
Insufficient permissions to install CA into the trusted certifiicate
directory (tried ${sysconfdir}/grid-security/certificates and
${datadir}/certificates)
Creating RPM source tarball… done
globus_simple_ca_0146c503.tar.gz
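An unattended variant of the example above, added here and not part of the original manual page or the Globus tools: because -noint implies -force, the wrapper itself refuses to touch an existing directory before it calls grid-ca-create. The helper names ca_preflight and create_ca, the 2048-bit floor and the parent-directory check are assumptions of this example.

```sh
#!/bin/sh
# Added example: guard rails around an unattended grid-ca-create run.
# ca_preflight and create_ca are hypothetical helper names, not Globus tools.

# ca_preflight DIR BITS DAYS
# Returns 0 when it is safe to proceed, otherwise a distinct non-zero code.
ca_preflight() {
    pf_dir=$1 pf_bits=$2 pf_days=$3
    # -noint implies -force, so the tool will not stop an unattended run from
    # replacing an existing CA; the script has to refuse on its own.
    if [ -e "$pf_dir" ]; then
        echo "refusing: $pf_dir already exists" >&2
        return 1
    fi
    case $pf_bits in ''|*[!0-9]*) echo "BITS must be numeric" >&2; return 2 ;; esac
    case $pf_days in ''|*[!0-9]*) echo "DAYS must be numeric" >&2; return 2 ;; esac
    # Assumed local policy for this example: no RSA CA key under 2048 bits.
    if [ "$pf_bits" -lt 2048 ]; then
        echo "refusing: $pf_bits-bit key is below the 2048-bit floor" >&2
        return 3
    fi
    # The CA private key will live under DIR: its parent must exist and must
    # not be world-writable, or another local user could swap the directory.
    pf_parent=$(dirname "$pf_dir")
    if [ ! -d "$pf_parent" ] || [ -n "$(find "$pf_parent" -prune -perm -0002)" ]; then
        echo "refusing: $pf_parent is missing or world-writable" >&2
        return 4
    fi
    return 0
}

# create_ca DIR SUBJECT [BITS] [DAYS]
# Defaults mirror the documented ones (4096 bits, 1825 days). -pass is left
# out on purpose: command-line arguments are visible in the process list.
create_ca() {
    ca_preflight "$1" "${3:-4096}" "${4:-1825}" || return $?
    (
        umask 077   # files the tool creates start out private to this user
        grid-ca-create -noint -dir "$1" -subject "$2" \
            -bits "${3:-4096}" -days "${4:-1825}"
    )
}
```

Source the file and call create_ca with the target directory and subject name; a non-zero return from ca_preflight means grid-ca-create was never started.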
Environment
The following environment variables affect the execution of grid-ca-create:
GLOBUS_LOCATION
- Non-standard installation path of the Globus toolkit.
