File: grid-ca-sign.xml

globus-simple-ca 4.14-3~bpo70+1
  • area: main
  • in suites: wheezy-backports
  • size: 560 kB
  • sloc: sh: 5,160; xml: 500; perl: 231; makefile: 100
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
    <!ENTITY cmdname "grid-ca-sign">
    <!ENTITY cmd "<command>grid-ca-sign</command>">
]>
<!-- Canonical version of this document lives in 
$Header$
-->

<refentry id="grid-ca-sign" xreflabel="grid-ca-sign">
  <refentryinfo>
    <corpauthor>University of Chicago</corpauthor>
  </refentryinfo>
  <refmeta>
    <refentrytitle>&cmdname;</refentrytitle>
    <manvolnum>1</manvolnum>
    <refmiscinfo class="source">Globus Toolkit</refmiscinfo>
    <refmiscinfo class="version"><replaceable role="entity">version</replaceable></refmiscinfo>
  </refmeta>
  <refnamediv>
    <refname>&cmdname;</refname>
    <refpurpose>Sign a certificate with a SimpleCA for use on a grid</refpurpose>
  </refnamediv>
  <refsynopsisdiv>
    <cmdsynopsis>
      &cmd;
      <arg>-help</arg>
      <arg>-h</arg>
      <arg>-usage</arg>
      <arg>-version</arg>
      <arg>-versions</arg>
    </cmdsynopsis>
    <cmdsynopsis>
      &cmd;
      <arg choice="plain">-in <replaceable>REQUEST</replaceable></arg>
      <arg choice="plain">-out <replaceable>CERTIFICATE</replaceable></arg>
      <sbr/>
      <arg>-force</arg>
      <arg>-dir <replaceable>DIRECTORY</replaceable></arg>
      <sbr/>
      <arg>-openssl-help</arg>
      <arg><replaceable>OPENSSL-OPTIONS</replaceable></arg>
    </cmdsynopsis>
  </refsynopsisdiv>
  <refsect1>
    <title>Description</title>
    <para>
    The &cmd; program signs a certificate based on a request file with a CA
    certificate created by <command>grid-ca-create</command>. The new
    certificate is written to a file. If the CA has already signed a
    certificate with the same subject name as contained in the certificate
    request, it will refuse to sign the new request unless the
    <option>-force</option> option is provided on the command-line.
    </para>

    <para>
    If run as a privileged user, &cmd; uses the CA certificate and
    configuration located in
    <filename><envar>${localstatedir}</envar>/lib/globus/simple_ca</filename> to
    sign the certificate. For a non-privileged user, &cmd; uses the CA
    certificate and configuration located in
    <filename><envar>$HOME</envar>/.globus/simpleCA</filename>. The &cmd;
    program can use a different CA configuration and certificate by using the
    <option>-dir</option> option.
    </para>

    <para>
    The full set of command-line options to &cmd; follows. In addition to
    these, unknown options will be passed to the <command>openssl</command>
    command when signing the certificate.

    <variablelist>
        <varlistentry>
            <term><option>-help</option></term>
            <term><option>-h</option></term>
            <term><option>-usage</option></term>
            <listitem><simpara>Display the command-line options to 
            &cmd; and exit.</simpara></listitem>
        </varlistentry>

        <varlistentry>
            <term><option>-version</option></term>
            <term><option>-versions</option></term>
            <listitem><simpara>Display the version number of the &cmd;
            command. The second form includes details about the package
            containing &cmd;.</simpara></listitem>
        </varlistentry>

        <varlistentry>
            <term><option>-in <replaceable>REQUEST</replaceable></option></term>
            <listitem><simpara>Sign the request contained in the
            <replaceable>REQUEST</replaceable> file.</simpara></listitem>
        </varlistentry>

        <varlistentry>
            <term><option>-out <replaceable>CERTIFICATE</replaceable></option></term>
            <listitem><simpara>Write the signed request to the
            <replaceable>CERTIFICATE</replaceable> file.</simpara></listitem>
        </varlistentry>

        <varlistentry>
            <term><option>-force</option></term>
            <listitem><simpara>Revoke any previously issued certificate with
            the same subject name as in the certificate
            request and issue a new certificate. Otherwise, &cmd; will 
            refuse to sign the request.</simpara></listitem>
        </varlistentry>

        <varlistentry>
            <term><option>-dir <replaceable>DIRECTORY</replaceable></option></term>
            <listitem><simpara>Sign the certificate using the Simple CA
            certificate and configuration located in
            <replaceable>DIRECTORY</replaceable> instead of the
            default.</simpara></listitem>
        </varlistentry>

        <varlistentry>
            <term><option>-openssl-help</option></term>
            <listitem><simpara>Print the command-line options available
            for the <command>openssl ca</command> command.</simpara></listitem>
        </varlistentry>

    </variablelist>

    </para>
  </refsect1>

  <refsect1>
    <title>Examples</title>
    <para>Sign a certificate request using the simple CA in <filename><envar>$HOME</envar>/SimpleCA</filename>:
    
    <screen><prompt>% </prompt>&cmd; <option>-in usercert_request.pem -out usercert.pem</option> <option>-dir <envar>$HOME</envar>/SimpleCA</option>
<computeroutput>
To sign the request
please enter the password for the CA key: 

The new signed certificate is at: /home/juser/.globus/simpleCA/newcerts/01.pem
</computeroutput></screen>
    </para>
  </refsect1>

  <refsect1>
    <title>Environment Variables</title>

    <para>
    The following environment variables affect the execution of &cmd;:
    <variablelist>
        <varlistentry>
            <term><envar>GLOBUS_LOCATION</envar></term>
            <listitem><simpara>Non-standard installation path of the
            Globus toolkit.</simpara></listitem>
        </varlistentry>
    </variablelist>
    </para>
  </refsect1>
  <refsect1>
    <title>See Also</title>

    <para><citerefentry><refentrytitle>grid-cert-request</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
    <citerefentry><refentrytitle>grid-ca-create</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
    <citerefentry><refentrytitle>grid-default-ca</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
    <citerefentry><refentrytitle>grid-ca-package</refentrytitle><manvolnum>1</manvolnum></citerefentry></para>
  </refsect1>
</refentry>
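
Added example (not part of the Globus Toolkit sources): a pre-signing check for the -force behaviour described above, listing which previously issued certificates share the request's subject and would therefore be revoked. It assumes the CA directory holds the index.txt database that `openssl ca` maintains and that only entries with status V count as conflicts; the function names and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: find certificates a SimpleCA has already issued for a
# subject, i.e. the ones grid-ca-sign -force would revoke.
# Assumption: the CA directory contains the OpenSSL "ca" database index.txt
# (tab-separated: status, expiry, revocation date, serial, filename, subject).
# Assumption: only entries with status V (valid) block a new signature.

# Print "SERIAL EXPIRY" for each still-valid entry whose subject is SUBJECT.
issued_for_subject() {
    index=$1
    subject=$2
    awk -F '\t' -v subj="$subject" \
        '$1 == "V" && $6 == subj { print $4, $2 }' "$index"
}

# Print "sign" when no valid certificate exists for SUBJECT, otherwise
# "conflict SERIAL[,SERIAL...]" naming what -force would revoke.
presign_check() {
    serials=$(issued_for_subject "$1" "$2" | awk '{ print $1 }' | paste -sd, -)
    if [ -z "$serials" ]; then
        echo "sign"
    else
        echo "conflict $serials"
    fi
}

# Constructed sample database (not taken from a real CA).
write_sample_index() {
    {
        printf 'V\t300101000000Z\t\t01\tunknown\t/O=Grid/OU=Example/CN=Joe User\n'
        printf 'R\t290101000000Z\t240101000000Z\t02\tunknown\t/O=Grid/OU=Example/CN=Jane Admin\n'
        printf 'V\t300601000000Z\t\t03\tunknown\t/O=Grid/OU=Example/CN=node1.example.org\n'
    } > "$1"
}

demo_index=$(mktemp)
write_sample_index "$demo_index"
# Valid certificate 01 exists, so signing again would need -force.
presign_check "$demo_index" "/O=Grid/OU=Example/CN=Joe User"
# The only earlier certificate is already revoked, so nothing blocks signing.
presign_check "$demo_index" "/O=Grid/OU=Example/CN=Jane Admin"
rm -f "$demo_index"
```

The subject to pass in can be read from the request with `openssl req -noout -subject -in usercert_request.pem`; its output format differs between OpenSSL versions, so normalise it to the `/O=.../CN=...` form used in index.txt before comparing.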