1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
|
'\" t
.\" Title: grid-default-ca
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
.\" Date: 03/31/2018
.\" Manual: Grid Community Toolkit Manual
.\" Source: Grid Community Toolkit 6
.\" Language: English
.\"
.TH "GRID\-DEFAULT\-CA" "8" "03/31/2018" "Grid Community Toolkit 6" "Grid Community Toolkit Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
grid-default-ca \- Select default CA for certificate requests
.SH "SYNOPSIS"
.sp
\fBgrid\-default\-ca\fR \-help | \-h | \-usage | \-u | \-version | \-versions
.sp
\fBgrid\-default\-ca\fR [\-ca \fICA\-HASH\fR | \-list ] [OPTIONS]
.SH "DESCRIPTION"
.sp
The \fBgrid\-default\-ca\fR program sets the default certificate authority to use when the \fBgrid\-cert\-request\fR script is run\&. The CA\(cqs certificate, configuration, and signing policy must be installed in the trusted certificate directory to be able to request certificates from that CA\&. Note that some CAs have different policies and use other tools to handle certificate requests\&. Please consult your CA\(cqs support staff if you unsure\&. The \fBgrid\-default\-ca\fR is designed to work with CAs implemented using the \fBglobus_simple_ca\fR package\&.
.sp
By default, the \fBgrid\-default\-ca\fR program displays a list of installed CA certificates and the prompts the user for which one to set as the default\&. If invoked with the \fI\-list\fR command\-line option, \fBgrid\-default\-ca\fR will print the list and not prompt nor set the default CA\&. If invoked with the \fI\-ca\fR option, it will not list or prompt, but set the default CA to the one with the hash that matches the \fICA\-HASH\fR argument to that option\&. If \fBgrid\-default\-ca\fR is used to set the default CA, the caller of this program must have write permissions to the trusted certificate directory\&.
.sp
The \fBgrid\-default\-ca\fR program sets the CA in the one of the grid security directories\&. It looks in the directory named by the GRID_SECURITY_DIR environment, the X509_CERT_DIR environment, /etc/grid\-security and $GLOBUS_LOCATION/share/certificates\&.
.SH "OPTIONS"
.sp
The full set of command\-line options to \fBgrid\-default\-ca\fR are:
.PP
\fB\-help, \-h, \-usage, \-u\fR
.RS 4
Display the command\-line options to
\fBgrid\-default\-ca\fR
and exit\&.
.RE
.PP
\fB\-version, \-versions\fR
.RS 4
Display the version number of the
\fBgrid\-default\-ca\fR
command\&. The second form includes more details\&.
.RE
.PP
\fB\-dir \fR\fB\fICA\-DIRECTORY\fR\fR
.RS 4
Use the trusted certificate directory named by
\fICA\-DIRECTORY\fR
instead of the default\&.
.RE
.PP
\fB\-list\fR
.RS 4
Instead of changing the default CA, print out a list of all available CA certificates in the trusted certificate directory\&.
.RE
.PP
\fB\-ca \fR\fB\fICA\-HASH\fR\fR
.RS 4
Set the default CA without displaying the list of choices or prompting\&. The CA file named by
\fICA\-HASH\fR
must exist\&.
.RE
.SH "EXAMPLES"
.sp
List the contents of the trusted certificate directory that contain the string Example:
.sp
.if n \{\
.RS 4
.\}
.nf
% grid\-default\-ca | grep Example
15) cd1186ff \- /DC=org/DC=Example/DC=Grid/CN=Example CA
.fi
.if n \{\
.RE
.\}
.sp
Choose that CA as the default:
.sp
.if n \{\
.RS 4
.\}
.nf
% grid\-default\-ca \-ca cd1186ff
setting the default CA to: /DC=org/DC=Example/DC=Grid/CN=Example CA
linking /etc/grid\-security/certificates/grid\-security\&.conf\&.cd1186ff to
/etc/grid\-security/certificates/grid\-security\&.conf
linking /etc/grid\-security/certificates/grid\-host\-ssl\&.conf\&.cd1186ff to
/etc/grid\-security/certificates/grid\-host\-ssl\&.conf
linking /etc/grid\-security/certificates/grid\-user\-ssl\&.conf\&.cd1186ff to
/etc/grid\-security/certificates/grid\-user\-ssl\&.conf
\&.\&.\&.done\&.
.fi
.if n \{\
.RE
.\}
.SH "ENVIRONMENT"
.sp
The following environment variables affect the execution of \fBgrid\-default\-ca\fR: \fBGRID_SECURITY_DIRECTORY\fR:: Path to the default trusted certificate directory\&. \fBX509_CERT_DIR\fR:: Path to the default trusted certificate directory\&. \fBGLOBUS_LOCATION\fR:: Path to the Grid Community Toolkit installation directory\&.
.SH "BUGS"
.sp
The \fBgrid\-default\-ca\fR program displays CAs from all of the directories in its search list; however, \fBgrid\-cert\-request\fR only uses the first which contains a grid security configuration\&.
.sp
The \fBgrid\-default\-ca\fR program may display the same CA multiple times if it is located in multiple directories in its search path\&. However, it does not provide any information about which one would actually be used by the \fBgrid\-cert\-request\fR command\&.
.SH "SEE ALSO"
.sp
grid\-cert\-request(1)
.SH "AUTHOR"
.sp
Copyright \(co 1999\-2014 University of Chicago
|
