'\" t .\" Title: grid-default-ca .\" Author: University of Chicago .\" Generator: DocBook XSL Stylesheets v1.75.2 .\" Date: 03/22/2010 .\" Manual: Globus Commands .\" Source: Globus Toolkit 5.0.1 .\" Language: English .\" .TH "GRID\-DEFAULT\-CA" "8" "03/22/2010" "Globus Toolkit 5.0.1" "Globus Commands" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" grid-default-ca \- Select default CA for certificate requests .SH "SYNOPSIS" .HP \w'\fBgrid\-default\-ca\fR\ 'u \fBgrid\-default\-ca\fR [\-help] [\-h] [\-usage] [\-u] [\-version] [\-versions] .HP \w'\fBgrid\-default\-ca\fR\ 'u \fBgrid\-default\-ca\fR \-list [\-dir\ \fICA\-DIRECTORY\fR] .HP \w'\fBgrid\-default\-ca\fR\ 'u \fBgrid\-default\-ca\fR [\-ca\ \fICA\-HASH\fR] [\-dir\ \fICA\-DIRECTORY\fR] .SH "DESCRIPTION" .PP The \fBgrid\-default\-ca\fR program sets the default certificate authority to use when the \fBgrid\-cert\-request\fR script is run\&. The CA\'s certificate, configuration, and signing policy must be installed in the trusted certificate directory to be able to request certificates from that CA\&. Note that some CAs have different policies and use other tools to handle certificate requests\&. Please consult your CA\'s support staff if you unsure\&. The \fBgrid\-default\-ca\fR is designed to work with CAs implemented using the globus_simple_ca package\&. .PP By default, the \fBgrid\-default\-ca\fR program displays a list of installed CA certificates and the prompts the user for which one to set as the default\&. If invoked with the \fB\-list\fR command\-line option, \fBgrid\-default\-ca\fR will print the list and not prompt nor set the default CA\&. If invoked with the \fB\-ca\fR option, it will not list or prompt, but set the default CA to the one with the hash that matches the \fICA\-HASH\fR argument to that option\&. If \fBgrid\-default\-ca\fR is used to set the default CA, the caller of this program must have write permissions to the trusted certificate directory\&. .PP The \fBgrid\-default\-ca\fR program sets the CA in the one of the grid security directories\&. It looks in the directory named by the \fBGRID_SECURITY_DIR\fR environment, the \fBX509_CERT_DIR\fR, /etc/grid\-security, and \fB$GLOBUS_LOCATION\fR/share/certificates\&. .PP The full set of command\-line options to \fBgrid\-default\-ca\fR are: .PP \fB\-help\fR, \fB\-h\fR, \fB\-usage\fR, \fB\-u\fR .RS 4 Display the command\-line options to \fBgrid\-default\-ca\fR and exit\&. .RE .PP \fB\-version\fR, \fB\-versions\fR .RS 4 Display the version number of the \fBgrid\-default\-ca\fR command\&. The second form includes more details\&. .RE .PP \fB\-dir \fR\fB\fICA\-DIRECTORY\fR\fR .RS 4 Use the trusted certificate directory named by \fICA\-DIRECTORY\fR instead of the default\&. .RE .PP \fB\-list\fR .RS 4 Instead of changing the default CA, print out a list of all available CA certificates in the trusted certificate directory .RE .PP \fB\-ca \fR\fB\fICA\-HASH\fR\fR .RS 4 Set the default CA without displaying the list of choices or prompting\&. The CA file named by \fICA\-HASH\fR must exist\&. .RE .SH "EXAMPLES" .PP List the contents of the trusted certificate directory that contain the string Example: .sp .if n \{\ .RS 4 .\} .nf % \fBgrid\-default\-ca\fR | \fBgrep Example\fR 15) cd1186ff \- /DC=org/DC=Example/DC=Grid/CN=Example CA .fi .if n \{\ .RE .\} .PP Choose that CA as the default: .sp .if n \{\ .RS 4 .\} .nf % \fBgrid\-default\-ca\fR \fB\-ca cd1186ff\fR setting the default CA to: /DC=org/DC=Example/DC=Grid/CN=Example CA linking /etc/grid\-security/certificates/grid\-security\&.conf\&.cd1186ff to /etc/grid\-security/certificates/grid\-security\&.conf linking /etc/grid\-security/certificates/grid\-host\-ssl\&.conf\&.cd1186ff to /etc/grid\-security/certificates/grid\-host\-ssl\&.conf linking /etc/grid\-security/certificates/grid\-user\-ssl\&.conf\&.cd1186ff to /etc/grid\-security/certificates/grid\-user\-ssl\&.conf \&.\&.\&.done\&. .fi .if n \{\ .RE .\} .sp .SH "ENVIRONMENT VARIABLES" .PP The following environment variables affect the execution of \fBgrid\-default\-ca\fR: .PP \fBGRID_SECURITY_DIRECTORY\fR .RS 4 Path to the default trusted certificate directory\&. .RE .PP \fBX509_CERT_DIR\fR .RS 4 Path to the default trusted certificate directory\&. .RE .PP \fBGLOBUS_LOCATION\fR .RS 4 Path to the Globus Toolkit installation directory\&. .RE .SH "BUGS" .PP The \fBgrid\-default\-ca\fR program displays CAs from all of the directories in its search list; however, \fBgrid\-cert\-request\fR only uses the first which contains a grid security configuration\&. .PP The \fBgrid\-default\-ca\fR program may display the same CA multiple times if it is located in multiple directories in its search path\&. However, it does not provide any information about which one would actually be used by the \fBgrid\-cert\-request\fR command\&. .SH "SEE ALSO" .PP \fBgrid-cert-request\fR(1) .SH "AUTHOR" .PP \fBUniversity of Chicago\fR