grid-ca-package(1) [debian man page]
GRID-CA-PACKAGE(1) Globus Commands GRID-CA-PACKAGE(1) NAME
grid-ca-package - Prepare a CA certificate, configuration, and policy for distribution SYNOPSIS
grid-ca-package [-help] [-h] [-usage] [-version] [-versions] grid-ca-package [-ca HASH] [-g] [-b] [-r] [-d] DESCRIPTION
The grid-ca-package utility creates a tarball containing an RPM spec file and the files needed to use a CA with grid tools. It optionally will also create a GPT package for distributing a CA. By default, the grid-ca-package utility displays a list of installed grid CA and prompts for which CA to package. It then creates a tarball containing the CA certificate, signing policy, CA configuration files, and an spec script to generate a binary RPM package containing the CA. If the CA hash is known prior to running grid-ca-package, it may provided as an argument to the -ca parameter to avoid prompting. In addition to generating a spec script and tarball, grid-ca-package creates a GPT package if either the -g or -b options are used on the command-line. These packages may be used to distribute a CA and configuration to systems which do not support RPM packages. The grid-ca-package utility writes the package tarballs to the current working directory. The full set of command-line options to grid-ca-package follows. -help, -h, -usage Display the command-line options to grid-ca-package and exit. -version, -versions Display the version number of the grid-ca-package command. The second form includes more details. -ca CA Use the CA whose name matches the hash string CA. When invoked with this option, grid-ca-package runs non-interactively. -g Create a GPT binary package in addition to the RPM script tarball. This package may be installed on other systems using the gpt-install program. -b Create a GPT binary package with GPT metadata located in the path expected by GPT 3.2 (used in Globus 2.0.0-5.0.x) instead of ${datadir}/globus/packages as used in Globus 5.2.x. This option overrides the -g command-line option. -r Create a binary RPM package for the CA. This option currently only works on RPM-based distributions. -d Create a binary Debian package for the CA. This option currently only works on Debian-based distributions. EXAMPLES
Package a Simple CA with hash 0146c503 % grid-ca-package -ca 0146c503 Creating RPM source tarball... done globus_simple_ca_0146c503.tar.gz ENVIRONMENT VARIABLES
The following environment variables affect the execution of grid-ca-package: GLOBUS_LOCATION Non-standard installation path of the Globus toolkit. SEE ALSO
grid-cert-request(1), grid-ca-sign(1), grid-default-ca(1), grid-ca-create(1) AUTHOR
University of Chicago Globus Toolkit 5.2.0 07/22/2011 GRID-CA-PACKAGE(1)
Check Out this Related Man Page
GRID-CA-CREATE(1) Globus Commands GRID-CA-CREATE(1) NAME
grid-ca-create - Create a CA to sign certificates for use on a grid SYNOPSIS
grid-ca-create [-help] [-h] [-usage] [-version] [-versions] grid-ca-create [-force] [-noint] [-dir DIRECTORY] [-subject SUBJECT] [-email ADDRESS] [-days DAYS] [-pass PASSWORD] [-nobuild] [-g] [-b] [-openssl-help] [OPENSSL-OPTIONS] DESCRIPTION
The grid-ca-create program creates a self-signed CA certificate and related files needed to use the CA with other Globus tools. The grid-ca-create program prompts for information to use to generate the CA certificate, but the prompts may be avoided by using the command line options. By default, the grid-ca-create program creates the self-signed CA certificate, installs it on the current machine in its trusted certificate directory, and creates a source tarball which can be used to generate an RPM package for the CA. If the RPM package is installed on a machine, users on that machine can create certificate requests for user, host, or service identity certificates to be signed by the CA certificate generated by running grid-ca-create. If run as a privileged user, the grid-ca-create program creates the CA certificate and support files in ${localstatedir}/lib/globus/simple_ca and the CA certificate and signing policy are installed in the /etc/grid-security directory. Otherwise, the files are created in the ${HOME}/.globus/simpleCA directory. The full set of command-line options to grid-ca-create follows. In addition to these, unknown options will be passed to the openssl command when creating the self-signed certificate. -help, -h, -usage Display the command-line options to grid-ca-create and exit. -version, -versions Display the version number of the grid-ca-create command. The second form includes more details. -force Overwite existing CA in the destination directory if one exists -noint Run in non-interactive mode. This will choose defaults for parameters or those specified on the command line without prompting. This option also implies -force. -dir DIRECTORY Create the CA in DIRECTORY. The DIRECTORY must not exist prior to running grid-ca-create. -subject SUBJECT Use SUBJECT as the subject name of the self-signed CA to create. If this is not specified on the command-line, grid-ca-create will default to using the subject name cn=Globus Simple CA, ou=$HOSTNAME, ou=GlobusTest, o=Grid. -email ADDRESS Use ADDRESS as the email address of the CA. The default instructions generated by grid-ca-create tell users to mail the certificate request to this address. If this is not specified on the command-line, grid-ca-create will default to the $LOGNAME@$HOSTNAME -days DAYS Set the default lifetime of the self-signed CA certificate to DAYS. If not set, the grid-ca-create program will default to 1825 days (5 years). -pass PASSWORD Use the string PASSWORD to protect the CA's private key. This is useful for automating Simple CA, but may make it easier to compromise the CA if someone obtains a shell on the machine storing the CA's private key. -nobuild Disable building a source tarball for distributing the CA's public information to other machines. The source tarball can be created later by using the grid-ca-package command. -g Create a binary GPT package containing the new CA's public information. The package will be created in the current working directory. This package can be deployed by with the gpt-install tool. -b Create a binary GPT package containing the new CA's public information that is backward-compatible with GPT 3.2. Packages created in this manner will work with Globus Toolkit 2.0.0-5.0.x. EXAMPLES
Create a simple CA in $HOME/SimpleCA % grid-ca-create -noint -dir $HOME/SimpleCA C e r t i f i c a t e A u t h o r i t y S e t u p This script will setup a Certificate Authority for signing Globus users certificates. It will also generate a simple CA package that can be distributed to the users of the CA. The CA information about the certificates it distributes will be kept in: /home/juser/SimpleCA The unique subject name for this CA is: cn=Globus Simple CA, ou=simpleCA-grid.example.org, ou=GlobusTest, o=Grid Insufficient permissions to install CA into the trusted certifiicate directory (tried ${sysconfdir}/grid-security/certificates and ${datadir}/certificates) Creating RPM source tarball... done globus_simple_ca_0146c503.tar.gz ENVIRONMENT VARIABLES
The following environment variables affect the execution of grid-ca-create: GLOBUS_LOCATION Non-standard installation path of the Globus toolkit. SEE ALSO
grid-cert-request(1), grid-ca-sign(1), grid-default-ca(1), grid-ca-package(1) AUTHOR
University of Chicago Globus Toolkit 5.2.0 07/22/2011 GRID-CA-CREATE(1)