grid-cert-info(1) [debian man page]
GRID-CERT-INFO(1) Globus Commands GRID-CERT-INFO(1) NAME
grid-cert-info - Display information about a certificate SYNOPSIS
grid-cert-info [-help] [-usage] [-version] [-versions] grid-cert-info [-file CERTIFICATE-FILE] [-rfc2253] [-all] [-subject] | [-s] [-issuer] | [-i] [-issuerhash] | [-ih] [-startdate] | [-sd] [-endate] | [-ed] DESCRIPTION
The grid-cert-info program displays information contained within a certificate file. By default it shows a text representation of the entire certificate. Specific facts about the certificate can be shown instead by using command-line options. If any of those options are used, then the default display is suppressed. This can be added to the output by using the -all command-line option. If multiple display options are included on the command-line, the facts related to those will be displayed on separate lines in the order that they occur. If an option is specified multiple time, that fact will be displayed multiple times. The full set of command-line options to grid-cert-info are: -help, -usage Display the command-line options to grid-cert-info and exit. -version, -versions Display the version number of the grid-cert-info command. The second form includes more details. -file CERTIFICATE-FILE Display information about the first certificate contained in the file named by CERTIFICATE-FILE instead of the default user certificate. -rfc2253 Display X.509 distinguished names using the string representation defined in RFC 2253 instead of the default OpenSSL oneline format. -all Display the text representation of the entire certificate in addition to any other facts requested by command-line options. This is the default if no fact-specific command-line options are used. -subject, -s Display the subject name of the X.509 certificate. -issuer, -i Display the issuer name of the X.509 certificate. -issuerhash, -ih Display the default hash of the issuer name of the X.509 certificate. This can be used to locate which CA certificate in the trusted certificate directory issued the certifcate being inspected. -startdate, -sd Display a string representation of the date and time when the certificate is valid from. This is displayed in the format used by the OpenSSL x509 command. -enddate, -dd Display a string representation of the date and time when the certificate is valid until. This is displayed in the format used by the OpenSSL x509 command. EXAMPLES
Display the validity times for the default certificate % grid-cert-info -sd -ed Aug 31 12:33:47 2009 GMT Aug 31 12:33:47 2010 GMT Display the same information about a different certificate specified on the command-line % grid-cert-info -sd -ed -f /etc/grid-security/hostcert.pem Jan 21 12:24:48 2003 GMT Jul 15 11:30:57 2020 GMT Display the subject of a certificate in both the default and the RFC 2253 forms. % grid-cert-info -subject /DC=org/DC=example/DC=grid/CN=Joe User % grid-cert-info -subject -rfc2253 CN=Joe User,DC=grid,DC=example,DC=org ENVIRONMENT VARIABLES
The following environment variables affect the execution of grid-cert-info: X509_USER_CERT Path to the default certificate file to inspect. AUTHOR
University of Chicago Globus Toolkit 5.0.1 03/22/2010 GRID-CERT-INFO(1)
Check Out this Related Man Page
GRID-PROXY-INIT(1) Globus Commands GRID-PROXY-INIT(1) NAME
grid-proxy-init - Generate a new proxy certificate SYNOPSIS
grid-proxy-init [-help] [-usage] [-version] grid-proxy-init [-debug] [-q] [-verify] [[-valid HOURS:MINUTES] | [-hours HOURS]] [-cert CERTFILE] [-key KEYFILE] [-certdir CERTDIR] [-out PROXYPATH] [-bits BITS] [-policy POLICYFILE] [[-pl POLICY-OID] | [-policy-language POLICY-OID]] [-path-length MAXIMUM] [-pwstdin] [-limited] [-independent] [[-draft] | [-old] | [-rfc]] DESCRIPTION
The grid-proxy-init program generates X.509 proxy certificates derived from the currently available certificate files. By default, this command generates a RFC 3820[1] Proxy Certificate with a 512 bit key valid for 12 hours in a file named /tmp/x509up_uUID. Command-line options and variables can modify the format, strength, lifetime, and location of the generated proxy certificate. X.509 proxy certificates are short-lived certificates, signed usually by a user's identity certificate or another proxy certificate. The key associated with a proxy certificate is unencrypted, so applications can authenticate using a proxy identity without providing a passphrase. Proxy certificates provide a convenient alternative to constantly entering passwords, but are also less secure than the user's normal security credential. Therefore, they should always be user-readable only (this is enforced by the GSI libraries), and should be deleted after they are no longer needed. This version of grid-proxy-init supports three different proxy formats: the old proxy format used in early releases of the Globus Toolkit up to version 2.4.x, an IETF draft version of X.509 Proxy Certificate profile used in Globus Toolkit 3.0.x and 3.2.x, and the RFC 3820 profile used in Globus Toolkit Version 4.0.x and 4.2.x. By default, this version of grid-proxy-init creates an RFC 3820 compliant proxy. To create a proxy compatible with older versions of the Globus Toolkit, use the -old or -draft command-line options. The full set of command-line options to grid-proxy-init are: -help, -usage Display the command-line options to grid-proxy-init. -version Display the version number of the grid-proxy-init command -debug Display information about the path to the certificate and key used to generate the proxy certificate, the path to the trusted certificate directory, and verbose error messages -q Suppress all output from grid-proxy-init except for passphrase prompts. -verify Perform certificate chain validity checks on the generated proxy. -valid HOURS:MINUTES, -hours HOURS Create a certificate that is valid for HOURS hours and MINUTES minutes. If not specified, the default of twelve hours and no minutes is used. -cert CERTFILE, -key KEYFILE Create a proxy certificate signed by the certificate located in CERTFILE using the key located in KEYFILE. If not specified the default certificate and key will be used. This overrides the values of environment variables described below. -certdir CERTDIR Search CERTDIR for trusted certificates if verifying the proxy certificate. If not specified, the default trusted certificate search path is used. This overrides the value of the X509_CERT_DIR environment variable -out PROXYPATH Write the generated proxy certificate file to PROXYPATH instead of the default path of /tmp/x509up_uUID. -bits BITS When creating the proxy certificate, use a BITS bit key instead of the default 512 bit keys. -policy POLICYFILE Add the certificate policy data described in POLICYFILE as the ProxyCertInfo X.509 extension to the generated proxy certificate. -pl POLICY-OID, -policy-language POLICY-OID Set the policy language identifier of the policy data specified by the -policy command-line option to the oid specified by the POLICY-OID string. -path-length MAXIMUM Set the maximum length of the chain of proxies that can be created by the generated proxy to MAXIMUM. If not set, the default of an unlimited proxy chain length is used. -pwstdin Read the private key's passphrase from stdin instead of reading input from the controlling tty. This is useful when scripting grid-proxy-init. -limited Create a limited proxy. Limited proxies are generally refused by process-creating services, but may be used to authorize with other services. -independent Create an independent proxy. An independent proxy is not treated as an impersonation proxy but as a separate identity for authorization purposes. -draft Create a IETF draft proxy instead of the default RFC 3280-compliant proxy. This type of proxy uses a non-standard proxy policy identifier. This might be useful for authenticating with older versions of the Globus Toolkit. -old Create a legacy proxy instead of the default RFC 3280-compliant proxy. This type of proxy uses a non-standard method of indicating that the certificate is a proxy and whether it is limited. This might be useful for authenticating with older versions of the Globus Toolkit. -rfc Create an RFC 3820-compliant proxy certificate. This is the default for this version of grid-proxy-init. EXAMPLES
To create a proxy with the default lifetime and format, run the grid-proxy-init program with no arguments. For example: % grid-proxy-init Your identity: /DC=org/DC=example/CN=Joe User Enter GRID pass phrase for this identity: Creating proxy .................................. Done Your proxy is valid until: Thu Mar 18 03:48:05 2010 To create a stronger proxy that lasts for only 8 hours, use the -hours and -bits command-line options to grid-proxy-init. For example: % grid-proxy-init -hours 8 -bits 1024 Your identity: /DC=org/DC=example/CN=Joe User Enter GRID pass phrase for this identity: Creating proxy .................................. Done Your proxy is valid until: Thu Mar 17 23:48:05 2010 ENVIRONMENT VARIABLES
The following environment variables affect the execution of grid-proxy-init: X509_USER_CERT Path to the certificate to use as issuer of the new proxy. X509_USER_KEY Path to the key to use to sign the new proxy. X509_CERT_DIR Path to the directory containing trusted certifiate certificates and signing policies. FILES
The following files affect the execution of grid-proxy-init: $HOME/.globus/usercert.pem Default path to the certificate to use as issuer of the new proxy. $HOME/.globus/userkey.pem Default path to the key to use to sign the new proxy. COMPATIBILITY
For more information about proxy certificate types and their compatibility in GT, see http://dev.globus.org/wiki/Security/ProxyCertTypes. SEE ALSO
grid-proxy-destroy(1), grid-proxy-info(1) AUTHOR
University of Chicago NOTES
1. RFC 3820 http://www.ietf.org/rfc/rfc3820.txt Globus Toolkit 5.0.2 04/25/2011 GRID-PROXY-INIT(1)