Abstract
This provider will monitor the life of a remote certificate. It connects to an SSL TCP
listener and obtains the certificate from it. It then checks the certificate for subject, start
date, end data, and email address. All of this information is put in the Index Service if it is
successfully obtained. This provider is an execution aggregator provider. These providers are
quite useful as is and additionally serve as an example of how to create others. The perl script
and configuration file can be modified to the user's liking once installed. This provider has a
perl script and an XML configuration file. The perl script is used to obtain information and
format the information into XML output. The output is written to stdout, where it is gathered
and put into the Index Service. The XML file is of a common format that is explained here. After
installing the package, the XML configuration files will be copied to
$GLOBUS_LOCATION/etc/globus_wsrf_mds_index/default_providers/ where the
DefaultIndexService will find them and use them to register the provider.
You can download a PDF version of Cert Check Information Provider information here.
Table of Contents
Table of Contents
This provider will monitor the life of a remote certificate. It connects to an SSL TCP
listener and obtains the certificate from it. It then checks the certificate for subject, start
date, end data, and email address. All of this information is put in the Index Service if it is
successfully obtained. This provider is an execution aggregator provider. These providers are
quite useful as is and additionally serve as an example of how to create others. The perl script
and configuration file can be modified to the user's liking once installed. This provider has a
perl script and an XML configuration file. The perl script is used to obtain information and
format the information into XML output. The output is written to stdout, where it is gathered
and put into the Index Service. The XML file is of a common format that is explained here. After
installing the package, the XML configuration files will be copied to
$GLOBUS_LOCATION/etc/globus_wsrf_mds_index/default_providers/ where the
DefaultIndexService will find them and use them to register the provider.
Features new in release 4.2.1:
This provider monitors the life of a remote certificate.
This information provider depends on the following GT components:
This information provider depends on the following 3rd party software:
- A working Perl installation
Tested Platforms for this information provider:
- N/A
Tested containers for this information provider
- Java WS Core container
See Chapter 2, GT 4.2.1: Cert Check Information Provider Reference for more information about this information provider.
Table of Contents
This provider will monitor the life of a remote certificate. It connects to an SSL TCP
listener and obtains the certificate from it. It then checks the certificate for subject, start
date, end data, and email address. All of this information is put in the Index Service if it is
successfully obtained. This provider is an execution aggregator provider. These providers are
quite useful as is and additionally serve as an example of how to create others. The perl script
and configuration file can be modified to the user's liking once installed. This provider has a
perl script and an XML configuration file. The perl script is used to obtain information and
format the information into XML output. The output is written to stdout, where it is gathered
and put into the Index Service. The XML file is of a common format that is explained here. After
installing the package, the XML configuration files will be copied to
$GLOBUS_LOCATION/etc/globus_wsrf_mds_index/default_providers/ where the
DefaultIndexService will find them and use them to register the provider.
This is an execution aggregator source-based information provider.
The following configuration is required for this information provider:
In order to grant permission to the installed perl scripts the user must edit the file: $GLOBUS_LOCATION/etc/globus_wsrf_mds_index/jndi-config.xml such that the tags:
<parameter> <name>executableMappings</name> <value> aggr-test=aggregator-exec-test.sh, pingexec=example-ping-exec </value> </parameter>includes the new provider. For example:
<parameter> <name>executableMappings</name> <value> cert-info=cert-check.pl </value> </parameter>This provider will monitor the life of a remote certificate. It connects to an ssl TCP listener and obtains the certificate from it. If then checks the cert for subject, start date, end data, and email address. All of this information is put in the index if it is successfully obtained. To change what server is monitored edit the file:
GLOBUS_LOCATION/etc/globus_wsrf_mds_index/default_providers/cert-info-reg.xml
and change the line:
<RegistrantEPR xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing" xmlns:agg="http://mds.globus.org/aggregator/types"> <wsa:Address>https://www.SITE.COM:8443</wsa:Address> </RegistrantEPR>from "https://www.SITE.COM:8443" to the ssl server of your choice.
Data appears as part of the ServiceGroupEntry RP
General security considerations associated with the container and all MDS services apply. See: Aggregator Framework.
By default, the aggregator sources do not use authentication credentials -- they retrieve information using anonymous SSL authentication or no authentication at all, and thus retrieve only publicly-available information. If a user or administrator changes that configuration so that a service's aggregator source uses credentials to acquire non-privileged data, then that user or administrator must configure the service's aggregator sink to limit access to authorized users.