Man Linux: Main Page and Category List


       grid-default-ca - Select default CA for certificate requests


       grid-default-ca [-help] [-h] [-usage] [-u] [-version] [-versions]

       grid-default-ca -list [-dir CA-DIRECTORY]

       grid-default-ca [-ca CA-HASH] [-dir CA-DIRECTORY]


       The grid-default-ca program sets the default certificate authority to
       use when the grid-cert-request script is run. The CA´s certificate,
       configuration, and signing policy must be installed in the trusted
       certificate directory to be able to request certificates from that CA.
       Note that some CAs have different policies and use other tools to
       handle certificate requests. Please consult your CA´s support staff if
       you unsure. The grid-default-ca is designed to work with CAs
       implemented using the globus_simple_ca package.

       By default, the grid-default-ca program displays a list of installed CA
       certificates and the prompts the user for which one to set as the
       default. If invoked with the -list command-line option, grid-default-ca
       will print the list and not prompt nor set the default CA. If invoked
       with the -ca option, it will not list or prompt, but set the default CA
       to the one with the hash that matches the CA-HASH argument to that
       option. If grid-default-ca is used to set the default CA, the caller of
       this program must have write permissions to the trusted certificate

       The grid-default-ca program sets the CA in the one of the grid security
       directories. It looks in the directory named by the GRID_SECURITY_DIR
       environment, the X509_CERT_DIR, /etc/grid-security, and

       The full set of command-line options to grid-default-ca are:

       -help, -h, -usage, -u
           Display the command-line options to grid-default-ca and exit.

       -version, -versions
           Display the version number of the grid-default-ca command. The
           second form includes more details.

       -dir CA-DIRECTORY
           Use the trusted certificate directory named by CA-DIRECTORY instead
           of the default.

           Instead of changing the default CA, print out a list of all
           available CA certificates in the trusted certificate directory

       -ca CA-HASH
           Set the default CA without displaying the list of choices or
           prompting. The CA file named by CA-HASH must exist.


       List the contents of the trusted certificate directory that contain the
       string Example:

           % grid-default-ca | grep Example
           15) cd1186ff -  /DC=org/DC=Example/DC=Grid/CN=Example CA

       Choose that CA as the default:

           % grid-default-ca -ca cd1186ff

           setting the default CA to: /DC=org/DC=Example/DC=Grid/CN=Example CA

           linking /etc/grid-security/certificates/grid-security.conf.cd1186ff to

           linking /etc/grid-security/certificates/grid-host-ssl.conf.cd1186ff  to

           linking /etc/grid-security/certificates/grid-user-ssl.conf.cd1186ff  to



       The following environment variables affect the execution of

           Path to the default trusted certificate directory.

           Path to the default trusted certificate directory.

           Path to the Globus Toolkit installation directory.


       The grid-default-ca program displays CAs from all of the directories in
       its search list; however, grid-cert-request only uses the first which
       contains a grid security configuration.

       The grid-default-ca program may display the same CA multiple times if
       it is located in multiple directories in its search path. However, it
       does not provide any information about which one would actually be used
       by the grid-cert-request command.




       University of Chicago