'\" t
.\"     Title: grid-ca-create
.\"    Author: University of Chicago
.\" Generator: DocBook XSL Stylesheets v1.75.2
.\"      Date: 07/22/2011
.\"    Manual: Globus Commands
.\"    Source: Globus Toolkit 5.2.0
.\"  Language: English
.\"
.TH "GRID\-CA\-CREATE" "1" "07/22/2011" "Globus Toolkit 5.2.0" "Globus Commands"
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
grid-ca-create \- Create a CA to sign certificates for use on a grid
.SH "SYNOPSIS"
.HP \w'\fBgrid\-ca\-create\fR\ 'u
\fBgrid\-ca\-create\fR [\-help] [\-h] [\-usage] [\-version] [\-versions]
.HP \w'\fBgrid\-ca\-create\fR\ 'u
\fBgrid\-ca\-create\fR [\-force] [\-noint] [\-dir\ \fIDIRECTORY\fR]
.br
[\-subject\ \fISUBJECT\fR] [\-email\ \fIADDRESS\fR] [\-days\ \fIDAYS\fR] [\-pass\ \fIPASSWORD\fR]
.br
[\-nobuild] [\-g] [\-b]
.br
[\-openssl\-help] [\fIOPENSSL\-OPTIONS\fR]
.SH "DESCRIPTION"
.PP
The \fBgrid\-ca\-create\fR program creates a self\-signed CA certificate and related files needed to use the CA with other Globus tools\&. The \fBgrid\-ca\-create\fR program prompts for information to use to generate the CA certificate, but the prompts may be avoided by using the command line options\&.
.PP
By default, the \fBgrid\-ca\-create\fR program creates the self\-signed CA certificate, installs it on the current machine in its trusted certificate directory, and creates a source tarball which can be used to generate an RPM package for the CA\&.
If the RPM package is installed on a machine, users on that machine can create certificate requests for user, host, or service identity certificates to be signed by the CA certificate generated by running \fBgrid\-ca\-create\fR\&.
.PP
If run as a privileged user, the \fBgrid\-ca\-create\fR program creates the CA certificate and support files in \fB${localstatedir}\fR/lib/globus/simple_ca and the CA certificate and signing policy are installed in the /etc/grid\-security directory\&. Otherwise, the files are created in the \fB${HOME}\fR/\&.globus/simpleCA directory\&.
.PP
The full set of command\-line options to \fBgrid\-ca\-create\fR follows\&. In addition to these, unknown options will be passed to the \fBopenssl\fR command when creating the self\-signed certificate\&.
.PP
\fB\-help\fR, \fB\-h\fR, \fB\-usage\fR
.RS 4
Display the command\-line options to \fBgrid\-ca\-create\fR and exit\&.
.RE
.PP
\fB\-version\fR, \fB\-versions\fR
.RS 4
Display the version number of the \fBgrid\-ca\-create\fR command\&. The second form includes more details\&.
.RE
.PP
\fB\-force\fR
.RS 4
Overwrite the existing CA in the destination directory if one exists\&.
.RE
.PP
\fB\-noint\fR
.RS 4
Run in non\-interactive mode\&. Parameters take the values specified on the command line, or their defaults, without prompting\&. This option also implies \fB\-force\fR\&.
.RE
.PP
\fB\-dir \fR\fB\fIDIRECTORY\fR\fR
.RS 4
Create the CA in \fIDIRECTORY\fR\&. The \fIDIRECTORY\fR must not exist prior to running \fBgrid\-ca\-create\fR\&.
.RE
.PP
\fB\-subject \fR\fB\fISUBJECT\fR\fR
.RS 4
Use \fISUBJECT\fR as the subject name of the self\-signed CA to create\&. If this is not specified on the command\-line, \fBgrid\-ca\-create\fR will default to using the subject name \fIcn=Globus Simple CA, ou=\fR\fI\fI$HOSTNAME\fR\fR\fI, ou=GlobusTest, o=Grid\fR\&.
.RE
.PP
\fB\-email \fR\fB\fIADDRESS\fR\fR
.RS 4
Use \fIADDRESS\fR as the email address of the CA\&.
The default instructions generated by \fBgrid\-ca\-create\fR tell users to mail the certificate request to this address\&. If this is not specified on the command\-line, \fBgrid\-ca\-create\fR will default to \fB$LOGNAME\fR@\fB$HOSTNAME\fR\&.
.RE
.PP
\fB\-days \fR\fB\fIDAYS\fR\fR
.RS 4
Set the default lifetime of the self\-signed CA certificate to \fIDAYS\fR\&. If not set, the \fBgrid\-ca\-create\fR program will default to 1825 days (5 years)\&.
.RE
.PP
\fB\-pass \fR\fB\fIPASSWORD\fR\fR
.RS 4
Use the string \fIPASSWORD\fR to protect the CA's private key\&. This is useful for automating Simple CA, but may make it easier to compromise the CA if someone obtains a shell on the machine storing the CA's private key\&.
.RE
.PP
\fB\-nobuild\fR
.RS 4
Disable building a source tarball for distributing the CA's public information to other machines\&. The source tarball can be created later by using the \fBgrid\-ca\-package\fR command\&.
.RE
.PP
\fB\-g\fR
.RS 4
Create a binary GPT package containing the new CA's public information\&. The package will be created in the current working directory\&. This package can be deployed with the \fBgpt\-install\fR tool\&.
.RE
.PP
\fB\-b\fR
.RS 4
Create a binary GPT package containing the new CA's public information that is backward\-compatible with GPT 3\&.2\&. Packages created in this manner will work with Globus Toolkit 2\&.0\&.0\-5\&.0\&.x\&.
.RE
.SH "EXAMPLES"
.PP
Create a simple CA in \fB$HOME\fR/SimpleCA
.sp
.if n \{\
.RS 4
.\}
.nf
% \fBgrid\-ca\-create\fR \fB\-noint\fR \fB\-dir \fR\fB\fB$HOME\fR\fR\fB/SimpleCA\fR

    C e r t i f i c a t e    A u t h o r i t y    S e t u p

This script will setup a Certificate Authority for signing Globus
users certificates\&.  It will also generate a simple CA package
that can be distributed to the users of the CA\&.

The CA information about the certificates it distributes will
be kept in:

/home/juser/SimpleCA

The unique subject name for this CA is:

cn=Globus Simple CA, ou=simpleCA\-grid\&.example\&.org, ou=GlobusTest, o=Grid

Insufficient permissions to install CA into the trusted certifiicate
directory (tried ${sysconfdir}/grid\-security/certificates and
${datadir}/certificates)
Creating RPM source tarball\&.\&.\&. done
  globus_simple_ca_0146c503\&.tar\&.gz
.fi
.if n \{\
.RE
.\}
.sp
.SH "ENVIRONMENT VARIABLES"
.PP
The following environment variables affect the execution of \fBgrid\-ca\-create\fR:
.PP
\fBGLOBUS_LOCATION\fR
.RS 4
Non\-standard installation path of the Globus toolkit\&.
.RE
.SH "SEE ALSO"
.PP
\fBgrid-cert-request\fR(1), \fBgrid-ca-sign\fR(1), \fBgrid-default-ca\fR(1), \fBgrid-ca-package\fR(1)
.SH "AUTHOR"
.PP
\fBUniversity of Chicago\fR
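.PP
Added example, not part of the Globus Toolkit or of this manual page: a post\-creation check of the points the options above control, namely that the CA certificate is self\-signed, that its lifetime stays within the \fB\-days\fR value, and that the private key is passphrase\-protected (\fB\-pass\fR) and unreadable by other accounts\&. The certificate and key paths are arguments supplied by the caller, because this page does not name the files inside the CA directory; the \fBopenssl\fR command is assumed to be installed\&.

```sh
#!/bin/sh
# Added example: audit a CA certificate and its private key file.
# CERT and KEY paths are caller-supplied assumptions; function names are
# hypothetical and do not belong to any Globus tool.

# ca_is_self_signed CERT -> 0 if subject equals issuer and the
# certificate's signature verifies against its own public key.
ca_is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    issr=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
    [ -n "$subj" ] && [ "$subj" = "$issr" ] &&
        openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# ca_expires_within CERT DAYS -> 0 if CERT expires within DAYS days.
# "openssl x509 -checkend N" exits 0 when CERT is still valid N seconds
# from now, so its result is inverted here.
ca_expires_within() {
    ! openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# key_is_private KEY -> 0 if group and others hold no permission bits.
key_is_private() {
    mode=$(ls -lLd "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# key_is_encrypted KEY -> 0 if the PEM file holds a passphrase-protected
# key (PKCS#8 header or the traditional Proc-Type marker).
key_is_encrypted() {
    grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|^Proc-Type: 4,ENCRYPTED' "$1"
}

# audit_ca CERT KEY MAX_DAYS -> prints findings; exit status is the
# number of failed checks (0 means all four passed).
audit_ca() {
    fails=0
    ca_is_self_signed "$1" ||
        { echo "FAIL: $1 is not self-signed"; fails=$((fails + 1)); }
    ca_expires_within "$1" "$3" ||
        { echo "FAIL: $1 is valid for more than $3 days"; fails=$((fails + 1)); }
    key_is_private "$2" ||
        { echo "FAIL: $2 is accessible to group or others"; fails=$((fails + 1)); }
    key_is_encrypted "$2" ||
        { echo "FAIL: $2 is not passphrase-protected"; fails=$((fails + 1)); }
    return "$fails"
}
```

Call it as \fBaudit_ca\fR \fICERT\fR \fIKEY\fR \fIMAX_DAYS\fR, for instance with 1826 to allow the documented 1825\-day default lifetime\&.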