next up previous
Next: User credentials and grid-proxies Up: Credentials (if not installed Previous: Credentials (if not installed

Server credentials

The exact procedure of getting the server credentials depends on the organisation involved.

As an example the procedure for machines in cern.ch domain can be found from:

http://globus.home.cern.ch/globus/ca/#hostcert

Generally the Globus grid-cert-request program is used to create a certificate request and a private key:

grid-cert-request -host hostname -dir hostdir

Then the usercert_request.pem file from hostdir is send to the CA involved and after the CA has checked the certificate request the host certificate is returned signed.

The returned certificate is saved to /etc/grid-security, on the machine involved, with name hostcert.pem and the private key from hostdir to the same directory with name hostkey.pem. Make sure that the hostkey and private key are only readable by the root! Otherwise the server might be easily compromised.

The proxy mechanism of EDG Java Security will create a time-limited proxy from this hostkey for Tomcat to use.



2004-05-05