htproxyput, htproxydestroy, htproxytime, htproxyunixtime, htproxyrenew - GSI proxy delegations and querying, using GridSite/gLite delegation API
htproxyput, htproxydestroy, htproxytime, htproxyunixtime, htproxyrenew [options] Service-URL
htproxyput is a client to perform GSI proxy delegations using the GridSite/gLite delegation Web Service portType. The gridsite-delegation(8) CGI program is the complementary server-side implementation.
htproxyinfo examines a local copy of a GSI proxy, and outputs a summary of its X.509 and VOMS contents.
- Turn on debugging information.
- --delegation-id <ID>
- Explicitly specify the Delegation ID to use.
- Instead of delegating a proxy, delete the proxy from the service's proxy cache. Calling the program as htproxydestroy has the same effect.
- Instead of delegating a proxy, report the expiration time of the proxy, in the local time of the client. Calling the program as htproxytime has the same effect.
- Instead of delegating a proxy, report the expiration time of the proxy, as the number of seconds since 00:00:00 1970-01-01 UTC. Calling the program as htproxyunixtime has the same effect.
- Delegate an updated version of an existing proxy. The Delegation ID must be given when using this option. Calling the program as htproxyrenew has the same effect.
- Examine a local proxy file, and output a summary of the X.509 certificates and VOMS attributes it contains. Calling the program as htproxyinfo has the same effect.
- --cert <X.509 cert path> and --key <X.509 key path>
- Path to the PEM-encoded X.509 or GSI Proxy user certificate and key to use for HTTPS connections, instead of "anonymous mode." If only one of --key or --cert is given, then that will be tried for both. If neither is given, then the following order of precedence is used: the file name held by the variable X509_USER_PROXY; the file /tmp/x509up_uID (with Unix UID equal to ID); the file names held by X509_USER_CERT / X509_USER_KEY; the files ~/.globus/usercert.pem and ~/.globus/userkey.pem (where ~/ is the home directory of the user.)
- --capath <X.509 CA root certs directory or file>
- Path to the PEM-encoded CA root certificates to use when verifying remote servers' host certificates in HTTPS connections. Ideally this should be a directory of hash.0 files as described in the OpenSSL verify(1) man page, but a file may be used instead. If --capath is not given, the value of the environment variable X509_CERT_DIR will be tried. If this is not valid, then /etc/grid-security/certificates will be used.
- Do not use CA root certificates to verify remote servers' host certificates. This is useful for testing sites before their certificate is set up properly, but leaves you vulnerable to "man in the middle" attacks by hostile servers masquerading as your target.
- Default GSI Proxy file for Unix UID equal to ID.
- Default location for trusted Certification Authority root certificates to use when checking server certificates.
- Prior to 7.9.8, the underlying curl library did not support the CA root certificates directory. If built with an old version of libcurl, htproxyput will concatenate the certificates in the CA roots directory into a unique temporary file and use that.
- Holds directory to search for Certification Authority root certificates when verifying server certificates. (Tried if --capath is not given on the command line.)
- Holds file name of a GSI Proxy to use as user certificate. (Tried if --cert or --key are not given on the command line.)
- X509_USER_CERT and X509_USER_KEY
- Holds file name of X.509 user certificate and key. (Tried if X509_USER_PROXY is not valid.)
0 is returned on complete success, and non-zero on error.
Better error recovery.
Andrew McNab <Andrew.McNab@manchester.ac.uk>
htproxyput is part of GridSite: http://www.gridsite.org/