Changes between Version 17 and Version 18 of iRODSwithGSI


Ignore:
Timestamp:
12/04/12 00:07:15 (7 years ago)
Author:
Jeanne Ohren
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • iRODSwithGSI

    v17 v18  
    530530Steps 1-3 are the same as GCF w/ grid-proxy-init.
    531531
    532 4.  Get the identity from the GCF cert.
    533 
    534 5.  Create the CSR.
    535 {{{
    536 }}}
    537 
    538 6.  Create the proxy certificate.
    539 
    540 7.  Concatenate the new proxy cert, new private key, and original certificate to a file named x509up_uXXXXX where XXXXX is the same as the proxy cert generated by grid-proxy-init.
    541 
    542 8.  Copy the concatenated certificate to /tmp.
     5324.  Get the subject from the GCF certificate (alice-cert.pem)
     533{{{
     534globus@pc:~/.globus$ openssl x509 -in alice-cert.pem -subject -noout
     535subject= /CN=geni//gpo//gcf.user.alice
     536}}}
     537
     5385.  Create the CSR using csr.conf provided by Ezra (see attached).  Accept default answer for all except "Common Name" questions.
     539Give the subject (from previous step, do not include the 'CN=') and your own 8 digit number.
     540{{{
     541globus@pc:~/.globus$ openssl req -new -config /tmp/csr.conf -out alice.csr -keyout alice-proxy.key
     542Generating a 1024 bit RSA private key
     543........++++++
     544.................++++++
     545writing new private key to 'alice-proxy.key'
     546-----
     547You are about to be asked to enter information that will be incorporated
     548into your certificate request.
     549What you are about to enter is what is called a Distinguished Name or a DN.
     550There are quite a few fields but you can leave some blank
     551For some fields there will be a default value,
     552If you enter '.', the field will be left blank.
     553-----
     554Country Name "C" (2 letter code) []:
     555State Name "ST" (full name) []:
     556Locality Name "L" (eg, city) []:
     557Organization Name "O" (eg, company) []:
     558Organizational Unit Name "OU" (eg, section) []:
     559Common Name "CN" (eg, YOUR name) []:geni//gpo//gcf.user.alice
     560Email Address []:
     561Common Name "CN" (unique 8 digit number) []:12345678   
     562}}}
     563
     564This should produce the csr and key files specified on the command line.
     565
     5666.  Create the proxy certificate using the csr file generated in the previous step as well as alice-cert.pem and alice-key.pem.
     567{{{
     568globus@pc:~/.globus$ openssl x509 -req -CAcreateserial -in alice.csr -days 7 -out alice_proxy.pem -CA alice-cert.pem -CAkey alice-key.pem -extfile /tmp/csr.conf -extensions v3_proxy
     569Signature ok
     570subject=/CN=geni//gpo//gcf.user.alice/CN=12345678
     571Getting CA Private Key
     572}}}
     573
     5747.  Concatenate the new proxy cert, new private key, and original certificate to a file named x509up_uXXXXX where XXXXX is the globus user id (id -u).
     575{{{
     576globus@pc:~/.globus$ cat alice_proxy.pem > x509up_u20002
     577globus@pc:~/.globus$ cat alice-proxy.key >> x509up_u20002
     578globus@pc:~/.globus$ cat alice-cert.pem >> x509up_u20002
     579}}}
     580
     5818.  Copy the concatenated certificate to /tmp and set the permissions to 0600.
     582{{{
     583   cp x509up_u20002 /tmp
     584   chmod 600 /tmp/x509up_u20002
     585}}}
    543586
    5445879.  Run grid-proxy-info to get the identity of the proxy certificate.
    545 
    546 10.  Go back to the '''iRODS server''' and add the user authentication id.
    547 {{{
    548    iadmin aua alice '/CN=geni//gpo//gcf.user.alice'
     588{{{
     589globus@pc:~/.globus$ /usr/local/globus/bin/grid-proxy-info -f /tmp/x509up_u20002
     590subject  : /CN=geni//gpo//gcf.user.alice/CN=12345678
     591issuer   : /CN=geni//gpo//gcf.user.alice
     592identity : /CN=geni//gpo//gcf.user.alice/CN=12345678
     593type     : RFC 3820 compliant independent proxy
     594strength : 1024 bits
     595path     : /tmp/x509up_u20002
     596timeleft : 167:58:47  (7.0 days)
     597}}}
     598
     59910.  Go back to the '''iRODS server''' and add the user authentication id using the identity from the previous step.
     600{{{
     601   iadmin aua alice '/CN=geni//gpo//gcf.user.alice/CN=12345678'
    549602}}}
    550603