'\" t .\" Title: grid-cert-diagnostics .\" Author: University of Chicago .\" Generator: DocBook XSL Stylesheets v1.75.2 .\" Date: 04/25/2011 .\" Manual: Globus Commands .\" Source: Globus Toolkit 5.0.2 .\" Language: English .\" .TH "GRID\-CERT\-DIAGNOST" "1" "04/25/2011" "Globus Toolkit 5.0.2" "Globus Commands" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" grid-cert-diagnostics \- Print diagnostic information about certificates and keys .SH "SYNOPSIS" .HP \w'\fBgrid\-cert\-diagnostics\fR\ 'u \fBgrid\-cert\-diagnostics\fR [\-h] | [\-help] [\-p] [\-n] [\-c\ \fICERTIFICATE\fR] .SH "DESCRIPTION" .PP The \fBgrid\-cert\-diagnostics\fR program displays information about the current user\'s security environment, including information about security\-related environment variables, security directory search path, personal key and certificates, and trusted certificates\&. It is intended to provide information to help diagnose problems using GSIC\&. .PP By default, \fBgrid\-cert\-diagnostics\fR prints out information regarding the environment and trusted certificate directory\&. If the \fB\-p\fR command\-line option is used, then additional information about the current user\'s default certificate and key will be printed\&. .PP The full set of command\-line options to \fBgrid\-cert\-diagnostics\fR consists of: .PP \fB\-h\fR, \fB\-help\fR .RS 4 Display a help message and exit\&. .RE .PP \fB\-p\fR .RS 4 Display information about the personal certificate and key that is the current user\'s default credential\&. .RE .PP \fB\-n\fR .RS 4 Check time synchronization with the \fBntpdate\fR command\&. .RE .PP \fB\-c \fR\fB\fICERTIFICATE\fR\fR, \fB\-c \fR\fB\-\fR .RS 4 Check the validity of the certificate in the file named by \fICERTIFICATE\fR or standard input if the parameter to \fB\-c\fR is \-\&. .RE .SH "EXAMPLES" .PP In this example, we see the default mode of checking the default security environment for the system, without processing the user\'s key and certificate\&. Note the user receives a warning about a cog\&.properties and about an expired CA certificate\&. .sp .if n \{\ .RS 4 .\} .nf % \fBgrid\-cert\-diagnostics\fR Checking Environment Variables ============================== Checking if X509_CERT_DIR is set\&.\&.\&. no Checking if X509_USER_CERT is set\&.\&.\&. no Checking if X509_USER_KEY is set\&.\&.\&. no Checking if X509_USER_PROXY is set\&.\&.\&. no Checking Security Directories ======================= Determining trusted cert path\&.\&.\&. /etc/grid\-security/certificates Checking for cog\&.properties\&.\&.\&. found WARNING: If the cog\&.properties file contains security properties, Java apps will ignore the security paths described in the GSI documentation Checking trusted certificates\&.\&.\&. ================================ Getting trusted certificate list\&.\&.\&. Checking CA file /etc/grid\-security/certificates/1c4f4c48\&.0\&.\&.\&. ok Verifying certificate chain for "/etc/grid\-security/certificates/1c3f2ca8\&.0"\&.\&.\&. ok Checking CA file /etc/grid\-security/certificates/9d8788eb\&.0\&.\&.\&. ok Verifying certificate chain for "/etc/grid\-security/certificates/9d8753eb\&.0"\&.\&.\&. failed globus_credential: Error verifying credential: Failed to verify credential globus_gsi_callback_module: Could not verify credential globus_gsi_callback_module: The certificate has expired: Credential with subject: /DC=org/DC=example/OU=grid/CN=CA has expired\&. .fi .if n \{\ .RE .\} .PP In this example, we show a user with a mismatched private key and certificate: .sp .if n \{\ .RS 4 .\} .nf % \fBgrid\-cert\-diagnostics\fR \fB\-p\fR Checking Environment Variables ============================== Checking if X509_CERT_DIR is set\&.\&.\&. no Checking if X509_USER_CERT is set\&.\&.\&. no Checking if X509_USER_KEY is set\&.\&.\&. no Checking if X509_USER_PROXY is set\&.\&.\&. no Checking Security Directories ======================= Determining trusted cert path\&.\&.\&. /etc/grid\-security/certificates Checking for cog\&.properties\&.\&.\&. not found Checking Default Credentials ============================== Determining certificate and key file names\&.\&.\&. ok Certificate Path: "/home/juser/\&.globus/usercert\&.pem" Key Path: "/home/juser/\&.globus/userkey\&.pem" Reading certificate\&.\&.\&. ok Reading private key\&.\&.\&. ok Checking Certificate Subject\&.\&.\&. "/O=Grid/OU=Example/OU=User/CN=Joe User" Checking cert\&.\&.\&. ok Checking key\&.\&.\&. ok Checking that certificate contains an RSA key\&.\&.\&. ok Checking that private key is an RSA key\&.\&.\&. ok Checking that public and private keys have the same modulus\&.\&.\&. failed Private key modulus: D294849E37F048C3B5ACEEF2CCDF97D88B679C361E29D5CB5 219C3E948F3E530CFC609489759E1D751F0ACFF0515A614276A0F4C11A57D92D7165B8 FA64E3140155DE448D45C182F4657DA13EDA288423F5B9D169DFF3822EFD81EB2E6403 CE3CB4CCF96B65284D92592BB1673A18354DA241B9AFD7F494E54F63A93E15DCAE2 Public key modulus : C002C7B329B13BFA87BAF214EACE3DC3D490165ACEB791790 600708C544175D9193C9BAC5AED03B7CB49BB6AE6D29B7E635FAC751E9A6D1CEA98022 6F1B63002902D6623A319E4682E7BFB0968DCE962CF218AAD95FAAD6A0BA5C42AA9AAF 7FDD32B37C6E2B2FF0E311310AA55FFB9EAFDF5B995C7D9EEAD8D5D81F3531E0AE5 Certificate and and private key don\'t match .fi .if n \{\ .RE .\} .sp .SH "AUTHOR" .PP \fBUniversity of Chicago\fR