installation of a gt4 simpleCA: a step-by-step tutorial….
Another note from Teldemokles: “User globus needs read/write permissions in the $GLOBUS_LOCATION dir!”
1. Creating a simple CA
setup simple CA
as globus:
$GLOBUS_LOCATION/setup/globus/setup-simple-ca
setup gsi things
as root:
$GLOBUS_LOCATION/setup/globus_simple_ca_#CAHASH#_setup/setup-gsi -default
or as globus: add
-nonroot
2. Obtaining and signing the host certificate - using the simple CA cert
request host certificate
as root:
grid-cert-request -host 'my.host'
sign the host cert using the CA cert
as globus:
grid-ca-sign -in /etc/grid-security/hostcert_request.pem -out /homeLocal/globus/hostsigned.pem
move the signed host cert and change owner
as root:
mv /homeLocal/globus/hostsigned.pem /etc/grid-security/hostcert.pem
chown root:root /etc/grid-security/hostcert.pem
3. Obtaining and signing the user certificate - using the host cert
request user cert
as user:
grid-cert-request
move it to the globus home dir and change owner to globus (instead of mailing)
as root:
cp /home/user/.globus/usercert_request.pem /homeLocal/globus/usercert_request.pem
chown globus:users /homeLocal/globus/usercert_request.pem
sign the user cert with the CA cert
as globus:
grid-ca-sign -in /homeLocal/globus/usercert_request.pem -out /homeLocal/globus/usercert_signed.pem
copy the signed user cert back to the user’s dir
as root:
cp /homeLocal/globus/usercert_signed.pem /home/user/.globus/usercert.pem
chown user:users /home/user/.globus/usercert.pem
4. verify the simple CA cert installation
do a grid-proxy-init
as user:
grid-proxy-init -debug -verify
5. DONE, if NO ERRORS occur, otherwise UNDONE!! Then look at the articles below :-)