How to Generate an OSG Certificate with the VDT and get it Signed



This document describes how to generate and authorize a Grid certificate for a service host.

Note: This requires that you be able to directly authorize a host certificate.

---++ Generating the Certificate

Set up the environment


Set up the cert request

Reading from /data/vdt/globus/TRUSTED_CA
Using hash: 1c3f2ca8
Setting up grid-cert-request
Running grid-security-config...

Before you use the Grid Security Infrastructure, you should first
define the DN (distinguished name) that should be used for your
organization's X509 certificates.  If you do not define a DN,
a default DN will be assigned to you.

For some questions, a default response is given in [].
Pressing RETURN in response to such a question will enable the default.
This script will overwrite the file --



(1) Base DN for user certificates
         [ OU=People,DC=doegrids,DC=org ]
(2) Base DN for host certificates
         [ OU=Services,DC=doegrids,DC=org ]

(q) save, configure the GSI and Quit
(c) Cancel (exit without saving or configuring)
(h) Help

Successfully created cert request configuration files in:

Move the old certificates to a backup area (e.g. /etc/grid-security/oldcerts)

cd /etc/grid-security
mkdir oldcerts
mv host* oldcerts

Generate the host certificate request

./globus/bin/grid-cert-request -host <FQ hostname>

---++ Retrieve the Certificate

Take the contents of the file hostcert_request.pem and paste them into this form

Select OSG and iVDGL from the drop-down and submit.

Paste the results into hostcert.pem
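
Before pointing services at the new hostcert.pem, confirm that the pasted certificate belongs to the key generated above. The check below is an added example, not part of the original page or the VDT; it assumes the private key is hostkey.pem in the same directory (the name grid-cert-request normally uses) and that the CA writes the hostname into the subject CN, either bare or as host/<FQDN>.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes the private key is
# hostkey.pem beside hostcert.pem, and that the CA puts the hostname in the
# subject CN, either bare or as host/<FQDN>.

# check_hostcert DIR FQDN -> 0 if OK; 2 missing file, 3 key mismatch,
# 4 wrong subject, 5 expired, 6 key accessible to group/other.
check_hostcert() {
    dir=$1; fqdn=$2
    cert="$dir/hostcert.pem"; key="$dir/hostkey.pem"
    for f in "$cert" "$key"; do
        [ -r "$f" ] || { echo "missing or unreadable: $f" >&2; return 2; }
    done

    # The signed certificate must carry the public half of the key that
    # produced hostcert_request.pem; a cert from another request fails here.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 3
    key_pub=$(openssl pkey -in "$key" -pubout) || return 3
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "certificate does not match $key" >&2; return 3; }

    # Subject in RFC 2253 form: CN=<value>,OU=...,DC=...
    subject=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253) || return 4
    case $subject in
        *"CN=$fqdn" | *"CN=$fqdn,"* | *"CN=host/$fqdn" | *"CN=host/$fqdn,"*) ;;
        *) echo "subject CN is not $fqdn: $subject" >&2; return 4 ;;
    esac

    # -checkend 0 fails if the certificate has already expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null ||
        { echo "certificate has expired" >&2; return 5; }

    # The host key is unencrypted, so no group/other permission bits are allowed.
    case $(ls -ld "$key") in
        -???------*) ;;
        *) echo "$key is accessible to group/other; chmod 400 it" >&2; return 6 ;;
    esac
    return 0
}

# Run directly: sh check_hostcert.sh /etc/grid-security host.example.org
if [ "$#" -eq 2 ]; then check_hostcert "$1" "$2"; fi
```

A non-zero return identifies which check failed, so the function can gate a service restart in a deployment script.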


-- TerrenceMartin - 20 Nov 2006

