table of contents
other versions
- wheezy 3.0-2
- wheezy-backports 4.14-3~bpo70+1
- jessie 4.14-3
- testing 4.24-1
- unstable 4.24-1
GRID-CA-SIGN(1) | Globus Commands | GRID-CA-SIGN(1) |
NAME¶
grid-ca-sign - Sign a certificate with a SimpleCA for use on a gridSYNOPSIS¶
grid-ca-sign
[-help] [-h] [-usage] [-version] [-versions]
grid-ca-sign
-in REQUEST -out CERTIFICATE
[-force] [-dir DIRECTORY]
[-openssl-help] [ OPENSSL-OPTIONS]
DESCRIPTION¶
The grid-ca-sign program signs a certificate based on a request file with a CA certificate created by grid-ca-create. The new certificate is written to a file. If the CA has already signed a certificate with the same subject name as contained in the certificate request, it will refuse to sign the new request unless the -force option is provided on the command-line. If run as a privileged user, grid-ca-sign uses the CA certificate and configuration located in ${localstatedir}/lib/globus/simple_ca to sign the certificate. For a non-privileged user, grid-ca-sign uses the CA certificate and configuration located in $HOME/.globus/simpleCA. The grid-ca-sign program an use a different CA configuration and certificate by using the -dir option. The full set of command-line options to grid-ca-sign follows. In addition to these, unknown options will be passed to the openssl command when creating the self-signed certificate. -help, -h, -usageDisplay the command-line options to
grid-ca-sign and exit.
-version, -versions
Display the version number of the
grid-ca-sign command. The second form includes details about the
package containing grid-ca-sign.
-in REQUEST
Sign the request contained in the
REQUEST file.
-out CERTIFICATE
Write the signed request to the
CERTIFICATE file.
-force
Revoke any previously issued certificate with
the same subject name as in the certificate request and issue a new
certificate. Otherwise, grid-ca-sign will refuse to sign the
request.
-dir DIRECTORY
Sign the certificate using the Simple CA
certificate and configuration located in DIRECTORY instead of the
default.
-openssl-help
Print the command-line options available for
the openssl ca command.
EXAMPLES¶
Sign a certificate request using the simple CA in $HOME/SimpleCA% grid-ca-sign -in usercert_request.pem -out usercert.pem -dir $HOME/SimpleCA To sign the request please enter the password for the CA key: The new signed certificate is at: /home/juser/.globus/simpleCA/newcerts/01.pem
ENVIRONMENT VARIABLES¶
The following environment variables affect the execution of grid-ca-sign: GLOBUS_LOCATIONNon-standard installation path of the Globus
toolkit.
SEE ALSO¶
grid-cert-request(1), grid-ca-create(1), grid-default-ca(1), grid-ca-package(1)AUTHOR¶
University of Chicago07/22/2011 | Globus Toolkit 5.2.0 |