Name

grid-cert-request — Create a certificate request

Synopsis

grid-cert-request [-help] [-version] [-verbose] [-force]
[-commonname NAME] [-service SERVICE] [-host FQDN] [-interactive]
[-dir DIRECTORY] [-prefix PREFIX] [-ca [HASH]] [-nopw]

Description

grid-cert-request generates a public/private key pair and an X.509 certificate request containing the public key and a subject name. By default, it generates a request for a user certificate for the invoking user. grid-cert-request can also be used to create host or service certificates based on command-line options. At least one Certificate Authority must be configured for use with the Globus Toolkit in order for this command to succeed.

The complete set of options to grid-cert-request is:

-help
    Print help information and exit.

-version
    Print version information and exit.

-verbose
    Don't clear screen after running OpenSSL.

-force
    Overwrite an existing certificate request if present.

-commonname NAME
    Construct a subject name with NAME as the final name component. By default, the subject name is inferred from the output of the finger program. If that fails, grid-cert-request will prompt for a name.

-service SERVICE
    Construct a subject name with the common name constructed from the SERVICE name and the hostname joined by the / character. The -service option requires that the -host option also be used. The private key created for a service certificate request is not encrypted.

-host FQDN
    Construct a subject name with FQDN as the name of the host. This must be a fully-qualified name in dotted string notation (e.g. grid.example.org). If no service is specified by the -service option, the subject name will be host/FQDN. The private key created for a host certificate request is not encrypted. By default the host certificate request and key are created in /etc/grid-security.

-interactive
    Interactively prompt for the components of the certificate subject name.

-dir DIRECTORY
    Write the certificate request and key to DIRECTORY, creating it if the directory does not exist. By default, the certificate request and key are placed in $HOME/.globus.

-prefix PREFIX
    Prepend the string PREFIX to the certificate, key, and request filenames. The default prefix is user for user certificates and host for host certificates.

-ca [HASH]
    Choose a non-default Certificate Authority configuration to construct the certificate request. If HASH is present on the command line, then grid-cert-request will use that certificate authority's configuration. Otherwise, it will prompt the user for a CA to choose from the list of configured CAs.

-nopw
    Create a private key without a password. This may be a security risk if the file permissions of the private key are not carefully maintained.
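The -service, -host and -nopw options all leave the private key unencrypted on disk, so file permissions are its only protection. The following added example (not part of grid-cert-request or the Globus Toolkit) reports a key file's mode and whether its PEM is passphrase-protected; the function names and the constructed stub key files are assumptions for illustration.

```shell
#!/bin/sh
# Added example: audit private keys written by grid-cert-request.
# Function names are hypothetical; they are not Globus Toolkit commands.

# Succeeds if the PEM key is passphrase-protected. Traditional OpenSSL
# keys carry a Proc-Type header; PKCS#8 keys use a distinct BEGIN line.
key_is_encrypted() {
    grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1"
}

# Print the octal permission bits (GNU stat first, BSD stat as fallback).
key_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Report one key file. Returns 0 only when group and other have no access,
# 1 when the mode is too open, 2 when the file does not exist.
audit_key() {
    f=$1
    [ -f "$f" ] || { echo "MISSING $f"; return 2; }
    mode=$(key_mode "$f")
    if key_is_encrypted "$f"; then enc=encrypted; else enc=unencrypted; fi
    case "$mode" in
        [0-7]00) echo "OK  $f mode=$mode $enc"; return 0 ;;
        *)       echo "BAD $f mode=$mode $enc (group/other can access)"; return 1 ;;
    esac
}

# Demo on constructed stub files (headers only, no real key material).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' >"$d/userkey.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' >"$d/hostkey.pem"
    chmod 600 "$d/userkey.pem"   # passphrase-protected user key, owner-only
    chmod 644 "$d/hostkey.pem"   # unencrypted host key left world-readable
    audit_key "$d/userkey.pem" || :
    audit_key "$d/hostkey.pem" || :
    rm -rf "$d"
}
demo
```

To check real keys, call audit_key on the key file in the directory given by -dir (or the defaults named above) and correct any BAD result with chmod 600 or chmod 400.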

Examples

Request a user certificate:

% grid-cert-request

A certificate request and private key is being created.
You will be asked to enter a PEM pass phrase.
This pass phrase is akin to your account password, 
and is used to protect your key file.
If you forget your pass phrase, you will need to
obtain a new certificate.

Generating a 1024 bit RSA private key
.....................++++++
........++++++
writing new private key to '/home/juser/.globus/userkey.pem'
Enter PEM pass phrase:

A private key and a certificate request has been generated with the subject:

/O=Grid/OU=Example/OU=User/CN=Joe User

If the CN=Joe User is not appropriate, rerun this
script with the -force -cn "Common Name" options.

Your private key is stored in /home/juser/.globus/userkey.pem
Your request is stored in /home/juser/.globus/usercert_request.pem

Please e-mail the request to the Globus Certificate Service ca@grid.example.org
You may use a command similar to the following:

  cat /home/juser/.globus/usercert_request.pem | mail ca@grid.example.org

Only use the above if this machine can send AND receive e-mail. if not, please
mail using some other method.

Your certificate will be mailed to you within two working days.
If you receive no response, contact Globus Certificate Service at ca@grid.example.org

Request a host certificate, putting the request and key files in the $HOME/.globus/host directory.

% grid-cert-request -host grid.example.org -dir $HOME/.globus/host


A private host key and a certificate request has been generated
with the subject:

/O=Grid/OU=Example/OU=User/CN=host/grid.example.org

----------------------------------------------------------

The private key is stored in /tmp/examplegrid/hostkey.pem
The request is stored in /tmp/examplegrid/hostcert_request.pem

Please e-mail the request to the Globus Certificate Service ca@grid.example.org
You may use a command similar to the following:

 cat /tmp/examplegrid/hostcert_request.pem | mail ca@grid.example.org

Only use the above if this machine can send AND receive e-mail. if not, please
mail using some other method.

Your certificate will be mailed to you within two working days.
If you receive no response, contact Globus Certificate Service at ca@grid.example.org


Limitations

Only supports PEM-encoded keys, certificates and certificate requests.