File: grid-ca-sign.txt

package info (click to toggle)
globus-simple-ca 5.0-1
  • links: PTS, VCS
  • area: main
  • in suites: bullseye, buster
  • size: 544 kB
  • sloc: sh: 5,231; perl: 267; makefile: 98
file content (93 lines) | stat: -rw-r--r-- 2,977 bytes parent folder | download | duplicates (2)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
GRID-CA-SIGN(1)
===============
:doctype:      manpage
:man source:   Grid Community Toolkit
:man version:  6
:man manual:   Grid Community Toolkit Manual
:man software: Grid Community Toolkit

NAME
----
grid-ca-sign - Sign a certificate with a SimpleCA for use on a grid

SYNOPSIS
--------
*grid-ca-sign* -in 'REQUEST' -out 'CERTIFICATE' [OPTIONS]

*grid-ca-sign* [ -help | -h | -usage | -version | -versions ]

DESCRIPTION
-----------
The *grid-ca-sign* program signs a certificate based on a request file with a CA
certificate created by *grid-ca-create*. The new
certificate is written to a file. If the CA has already signed a
certificate with the same subject name as contained in the certificate
request, it will refuse to sign the new request unless the
'-force' option is provided on the command-line.

If run as a privileged user, *grid-ca-sign* uses the CA certificate and
configuration located in +${localstatedir}/lib/globus/simple_ca+ to
sign the certificate. For a non-privileged user, *grid-ca-sign* uses the CA
certificate and configuration located in +$HOME/.globus/simpleCA+. The
*grid-ca-sign* program an use a different CA configuration and certificate by
using the '-dir' option.

OPTIONS
-------
The full set of command-line options to *grid-ca-sign* follows. In addition to
these, unknown options will be passed to the *openssl* command when creating
the self-signed certificate. 

*-help, -h, -usage*::
    Display the command-line options to *grid-ca-sign* and exit.

*-version, -versions*::
    Display the version number of the *grid-ca-sign* command. The second form
    includes details about the package containing *grid-ca-sign*.

*-in 'REQUEST'*::
    Sign the request contained in the 'REQUEST' file.

*-out 'CERTIFICATE'*::
    Write the signed request to the 'CERTIFICATE' file.

*-force*::
    Revoke any previously issued certificate with the same subject name as in
    the certificate request and issue a new certificate. Otherwise,
    *grid-ca-sign* will refuse to sign the request.

*-dir 'DIRECTORY'*::
    Sign the certificate using the Simple CA certificate and configuration
    located in 'DIRECTORY' instead of the default.

*-openssl-help*::
    Print the command-line options available for the *openssl ca*
    command.

EXAMPLES
--------
Sign a certificate request using the simple CA in +$HOME/SimpleCA'+
    
    % *grid-ca-sign* \
        -in usercert_request.pem \
        -out usercert.pem \
        -dir $HOME/SimpleCA

    To sign the request please enter the password for the CA key: 

    The new signed certificate is at: /home/juser/.globus/simpleCA/newcerts/01.pem

ENVIRONMENT
-----------
The following environment variables affect the execution of *grid-ca-sign*:

`GLOBUS_LOCATION`::
    Non-standard installation path of the Grid Community Toolkit.

SEE ALSO
--------
grid-cert-request(1), grid-ca-create(1), grid-default-ca(1), grid-ca-package(1)

AUTHOR
------
Copyright (C) 1999-2014 University of Chicago