'\" t
.\" Title: grid-ca-create
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets vsnapshot
.\" Date: 06/03/2020
.\" Manual: Grid Community Toolkit Manual
.\" Source: Grid Community Toolkit 6
.\" Language: English
.\"
.TH "GRID\-CA\-CREATE" "1" "06/03/2020" "Grid Community Toolkit 6" "Grid Community Toolkit Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
grid-ca-create \- Create a CA to sign certificates for use on a grid
.SH "SYNOPSIS"
.sp
\fBgrid\-ca\-create\fR [ \-h | \-help | \-usage | \-version | \-versions ] [ \-openssl\-help]
.sp
\fBgrid\-ca\-create\fR [ OPTIONS ] [ OPENSSL\-OPTIONS ]
.SH "DESCRIPTION"
.sp
The \fBgrid\-ca\-create\fR program creates a self\-signed CA certificate and related files needed to use the CA with other Globus tools\&. The \fBgrid\-ca\-create\fR program prompts for information to use to generate the CA certificate, but the prompts may be avoided by using the command line options\&.
.sp
By default, the \fBgrid\-ca\-create\fR program creates the self\-signed CA certificate, installs it on the current machine in its trusted certificate directory, and creates a source tarball which can be used to generate an RPM package for the CA\&. If the RPM package is installed on a machine, users on that machine can create certificate requests for user, host, or service identity certificates to be signed by the CA certificate generated by running \fBgrid\-ca\-create\fR\&.
.sp
If run as a privileged user, the \fBgrid\-ca\-create\fR program creates the CA certificate and support files in the CA certificate and signing policy are installed in the /etc/grid\-security directory\&. Otherwise, the files are
.SH "OPTIONS"
.sp
The full set of command\-line options to \fBgrid\-ca\-create\fR follows\&. In addition to these, unknown options will be passed to the openssl command when creating the self\-signed certificate\&.
.PP
\fB\-help, \-h, \-usage\fR
.RS 4
Display the command\-line options to \fBgrid\-ca\-create\fR and exit\&.
.RE
.PP
\fB\-version, \-versions\fR
.RS 4
Display the version number of the \fBgrid\-ca\-create\fR command\&. The second form includes more details\&.
.RE
.PP
\fB\-force\fR
.RS 4
Overwrite the existing CA in the destination directory, if one exists\&.
.RE
.PP
\fB\-bits BITS\fR
.RS 4
Create a CA certificate with an RSA key BITS bits long [4096]\&.
.RE
.PP
\fB\-noint\fR
.RS 4
Run in non\-interactive mode\&. This uses the values specified on the command line, and defaults for all other parameters, without prompting\&. This option also implies \fI\-force\fR\&.
.RE
.PP
\fB\-dir \fR\fB\fIDIRECTORY\fR\fR
.RS 4
Create the CA in \fIDIRECTORY\fR\&. The \fIDIRECTORY\fR must not exist prior to running \fBgrid\-ca\-create\fR\&.
.RE
.PP
\fB\-subject \fR\fB\fISUBJECT\fR\fR
.RS 4
Use \fISUBJECT\fR as the subject name of the self\-signed CA to create\&.
If this is not specified on the command\-line, \fBgrid\-ca\-create\fR will default to using the subject name cn=Globus Simple CA, ou=$HOSTNAME, ou=GlobusTest, o=Grid\&.
.RE
.PP
\fB\-email \fR\fB\fIADDRESS\fR\fR
.RS 4
Use \fIADDRESS\fR as the email address of the CA\&. The default instructions generated by \fBgrid\-ca\-create\fR tell users to mail the certificate request to this address\&. If this is not specified on the command\-line, \fBgrid\-ca\-create\fR will default to $LOGNAME@$HOSTNAME\&.
.RE
.PP
\fB\-days \fR\fB\fIDAYS\fR\fR
.RS 4
Set the default lifetime of the self\-signed CA certificate to \fIDAYS\fR\&. If not set, the \fBgrid\-ca\-create\fR program will default to 1825 days (5 years)\&.
.RE
.PP
\fB\-pass \fR\fB\fIPASSWORD\fR\fR
.RS 4
Use the string \fIPASSWORD\fR to protect the CA\(cqs private key\&. This is useful for automating Simple CA, but may make it easier to compromise the CA if someone obtains a shell on the machine storing the CA\(cqs private key\&.
.RE
.PP
\fB\-nobuild\fR
.RS 4
Disable building a source tarball for distributing the CA\(cqs public information to other machines\&. The source tarball can be created later by using the \fBgrid\-ca\-package\fR command\&.
.RE
.SH "EXAMPLES"
.sp
Create a simple CA in $HOME/SimpleCA:
.sp
.if n \{\
.RS 4
.\}
.nf
% grid\-ca\-create \-noint \-dir $HOME/SimpleCA
.fi
.if n \{\
.RE
.\}
.sp
.if n \{\
.RS 4
.\}
.nf
C e r t i f i c a t e    A u t h o r i t y    S e t u p
.fi
.if n \{\
.RE
.\}
.sp
.if n \{\
.RS 4
.\}
.nf
This script will setup a Certificate Authority for signing Globus users certificates\&.
It will also generate a simple CA package that can be distributed to the users of the CA\&.
.fi
.if n \{\
.RE
.\}
.sp
.if n \{\
.RS 4
.\}
.nf
The CA information about the certificates it distributes will be kept in:
.fi
.if n \{\
.RE
.\}
.sp
.if n \{\
.RS 4
.\}
.nf
/home/juser/SimpleCA
.fi
.if n \{\
.RE
.\}
.sp
.if n \{\
.RS 4
.\}
.nf
The unique subject name for this CA is:
.fi
.if n \{\
.RE
.\}
.sp
.if n \{\
.RS 4
.\}
.nf
cn=Globus Simple CA, ou=simpleCA\-grid\&.example\&.org, ou=GlobusTest, o=Grid
.fi
.if n \{\
.RE
.\}
.sp
.if n \{\
.RS 4
.\}
.nf
Insufficient permissions to install CA into the trusted certifiicate directory
(tried ${sysconfdir}/grid\-security/certificates and ${datadir}/certificates)
Creating RPM source tarball\&.\&.\&. done
globus_simple_ca_0146c503\&.tar\&.gz
.fi
.if n \{\
.RE
.\}
.SH "ENVIRONMENT"
.sp
The following environment variables affect the execution of \fBgrid\-ca\-create\fR:
.PP
GLOBUS_LOCATION
.RS 4
Non\-standard installation path of the Grid Community Toolkit\&.
.RE
.SH "SEE ALSO"
.sp
grid\-cert\-request(1), grid\-ca\-sign(1), grid\-default\-ca(1), grid\-ca\-package(1)
.SH "AUTHOR"
.sp
Copyright \(co 1999\-2014 University of Chicago
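The option interactions documented under OPTIONS (a password given with -pass, -noint implying -force, -dir requiring a directory that does not yet exist, and unknown options being handed to openssl) can be checked before an automated run. The following is an added example, not part of the Grid Community Toolkit; the function name, the finding codes and the MIN_BITS threshold are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a grid-ca-create argument list before running it.
# MIN_BITS is a local policy assumption, not a value from the man page.
MIN_BITS=${MIN_BITS:-2048}

# Prints space-separated finding codes (hypothetical names) for the arguments.
audit_ca_create_args() {
    findings=""
    while [ $# -gt 0 ]; do
        opt=$1; val=${2-}
        case "$opt" in
            -pass)   # password in argv: exposed to process listings and history
                findings="$findings PASS_ON_CMDLINE" ;;
            -noint)  # the man page says -noint implies -force
                findings="$findings NOINT_IMPLIES_FORCE" ;;
            -force)
                findings="$findings FORCE_OVERWRITE" ;;
            -bits)
                case "$val" in
                    ''|*[!0-9]*) findings="$findings BITS_NOT_NUMERIC" ;;
                    *) if [ "$val" -lt "$MIN_BITS" ]; then
                           findings="$findings WEAK_KEY:$val"
                       fi ;;
                esac ;;
            -dir)    # DIRECTORY must not exist before the run
                if [ -e "$val" ]; then findings="$findings DIR_EXISTS"; fi ;;
            -subject|-email|-days|-nobuild) ;;
            -h|-help|-usage|-version|-versions|-openssl-help) ;;
            *)       # unknown options are handed to openssl
                findings="$findings PASSED_TO_OPENSSL:$opt" ;;
        esac
        case "$opt" in   # options that consume a value
            -pass|-bits|-dir|-subject|-email|-days)
                if [ $# -gt 1 ]; then shift; fi ;;
        esac
        shift
    done
    printf '%s\n' "${findings# }"
}

# Constructed sample invocation (not from the man page).
audit_ca_create_args -noint -bits 1024 -pass s3cret -dir /nonexistent/ca -someopt
```

An empty result means none of the audited conditions was found; the password value itself is never printed.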