Name
grid-proxy-init — Generate a new proxy certificate
Synopsis
grid-proxy-init
Tool description
grid-proxy-init generates X.509 proxy certificates.
By default, this command generates Proxy Draft Proxy Certificates that are very similar to RFC 3820 Proxy Certificates with the exception that the ProxyCertInfo extension is identified with a non-standard OID: "1.3.6.1.4.1.3536.1.1.222". (Defined in the C code by PROXYCERTINFO_OLD_OID and in java by GSIConstants.GSI_3_IMPERSONATION_PROXY).
There are also options available for generating other types of proxy certificates, including RFC 3820, limited, independent and legacy. For more information about proxy certificate types and their compatibility in GT, see http://dev.globus.org/wiki/Security/ProxyCertTypes.
Options
Table 12. Command line options
| -help, -usage | Displays usage. |
| -version | Displays version. |
| -debug | Enables extra debug output. |
| -q | Quiet mode, minimal output. |
| -verify | Verifies the certificate to make the proxy for. |
| -pwstdin | Allows passphrase from stdin. |
| -rfc | Creates a RFC 3820 proxy. |
| -limited | Creates a limited globus proxy. |
| -independent | Creates an independent globus proxy. |
| -old | Creates a legacy globus proxy. |
| -valid <h:m> | Proxy is valid for h hours and m minutes (default:12:00). |
| -hours <hours> | Deprecated support of hours option. |
| -bits <bits> | Number of bits in key {512|1024|2048|4096}. |
| -policy <policyfile> | File containing the policy to store in the ProxyCertInfo extension. |
| -pl <oid>, -policy-language <oid> | OID string for the policy language used in the policy file. |
| -path-length <l> | Allows a chain of at most 1 proxies to be generated from this one. |
| -cert <certfile> | Non-standard location of user certificate. |
| -key <keyfile> | Non-standard location of user key. |
| -certdir <certdir> | Non-standard location of trusted cert directory. |
| -out <proxyfile> | Non-standard location of new proxy cert. |