grid-ca-sign (1)

Sign a certificate with a simpleca for use on a grid

  1. Carta.tech
  2. Man Pages
  3. Executable programs or shell commands
  4. grid-ca-sign: Sign a certificate with a simpleca for use on a grid
  1. Carta.tech
  2. Packages
  3. globus-simple-ca
  4. grid-ca-sign: Sign a certificate with a simpleca for use on a grid

SYNOPSIS

grid-ca-sign [-help] [-h] [-usage] [-version] [-versions] grid-ca-sign -in REQUEST -out CERTIFICATE

[-force] [-dir DIRECTORY]

[-openssl-help] [OPENSSL-OPTIONS]

DESCRIPTION

The grid-ca-sign program signs a certificate based on a request file with a CA certificate created by grid-ca-create. The new certificate is written to a file. If the CA has already signed a certificate with the same subject name as contained in the certificate request, it will refuse to sign the new request unless the -force option is provided on the command-line.

If run as a privileged user, grid-ca-sign uses the CA certificate and configuration located in ${localstatedir}/lib/globus/simple_ca to sign the certificate. For a non-privileged user, grid-ca-sign uses the CA certificate and configuration located in $HOME/.globus/simpleCA. The grid-ca-sign program an use a different CA configuration and certificate by using the -dir option.

The full set of command-line options to grid-ca-sign follows. In addition to these, unknown options will be passed to the openssl command when creating the self-signed certificate.

-help, -h, -usage

Display the command-line options to grid-ca-sign and exit.

-version, -versions

Display the version number of the grid-ca-sign command. The second form includes details about the package containing grid-ca-sign.

-in REQUEST

Sign the request contained in the REQUEST file.

-out CERTIFICATE

Write the signed request to the CERTIFICATE file.

-force

Revoke any previously issued certificate with the same subject name as in the certificate request and issue a new certificate. Otherwise, grid-ca-sign will refuse to sign the request.

-dir DIRECTORY

Sign the certificate using the Simple CA certificate and configuration located in DIRECTORY instead of the default.

-openssl-help

Print the command-line options available for the openssl ca command.

EXAMPLES

Sign a certificate request using the simple CA in $HOME/SimpleCA

% grid-ca-sign -in usercert_request.pem -out usercert.pem -dir $HOME/SimpleCA

To sign the request
please enter the password for the CA key:

The new signed certificate is at: /home/juser/.globus/simpleCA/newcerts/01.pem

ENVIRONMENT VARIABLES

The following environment variables affect the execution of grid-ca-sign:

GLOBUS_LOCATION

Non-standard installation path of the Globus toolkit.

RELATED TO grid-ca-sign…

grid-cert-request(1), grid-ca-create(1), grid-default-ca(1), grid-ca-package(1)

AUTHOR

University of Chicago