这篇博客详细介绍了globus证书的配置过程,包括安装步骤和安全设置,提供了一条完整的安装链接供读者参考。
[update]这篇博客只是globus安装过程中极小的一部分。完整详细的安装过程请看:http://blog.youkuaiyun.com/jcwKyl/archive/2009/07/18/4360031.aspx
这一篇接着前一篇日志,在前一篇日志中安装好了
globus
后,开始安全方面的配置。所有的东西也都是来自
gt4
安装包解压后的
quickstart.html
文件,这份文件非常详尽、生动地讲解了所有的操作。以下的部分来自于
quickstart.html
的
2.3
节和安装文档的第七章:
http://www.globus.org/toolkit/docs/4.0/admin/docbook/ch07.html#s-simpleca-admin-installing
这之前先说一个非常有用的工具—— tee 。它读取标准输入,然后把读取的东西同时送到标准输出和一个用户指定的文件中。这样小巧但实用的工具使人更愿意用 linux 。因为我在虚拟机中文本模式下不能向上翻页,但是如果把输出重定向一下又会在需要输入时不知所措,所以找到了它。
首先,运行创建脚本创建一个 CA 。 ( 关于 CA 、证书、 PKI 、公钥加密这些概念是网络安全中的基本概念 )
Globus $ $GLOBUS_LOCATION/setup/globus /setup-simple-ca | tee config.log
http://www.globus.org/toolkit/docs/4.0/admin/docbook/ch07.html#s-simpleca-admin-installing
这之前先说一个非常有用的工具—— tee 。它读取标准输入,然后把读取的东西同时送到标准输出和一个用户指定的文件中。这样小巧但实用的工具使人更愿意用 linux 。因为我在虚拟机中文本模式下不能向上翻页,但是如果把输出重定向一下又会在需要输入时不知所措,所以找到了它。
首先,运行创建脚本创建一个 CA 。 ( 关于 CA 、证书、 PKI 、公钥加密这些概念是网络安全中的基本概念 )
Globus $ $GLOBUS_LOCATION/setup/globus /setup-simple-ca | tee config.log
WARNING: GPT_LOCATION not set, assuming:
GPT_LOCATION=/usr/local/globus-4.0.8
C e r t i f i c a t e A u t h o r i t y S e t u p
This script will setup a Certificate Authority for signing Globus
users certificates. It will also generate a simple CA package
that can be distributed to the users of the CA.
The CA information about the certificates it distributes will
be kept in:
/home/globus/.globus/simpleCA /
The unique subject name for this CA is:
cn = Globus Simple CA, ou =simpleCA-jcwkyl , ou =GlobusTest , o=Grid
Do you want to keep this as the CA subject (y/n) [y]:
Enter the email of the CA (this is the email where certificate
requests will be sent to be signed by the CA):
The CA certificate has an expiration date. Keep in mind that
once the CA certificate has expired, all the certificates
signed by that CA become invalid. A CA should regenerate
the CA certificate and start re-issuing ca-setup packages
before the actual CA certificate expires. This can be done
by re-running this setup script. Enter the number of DAYS
the CA certificate should last before it expires.
[default : 5 years (1825 days)]:
[H [J
creating CA config package...done.
A self-signed certificate has been generated
for the Certificate Authority with the subject:
/O=Grid/OU=GlobusTest /OU=simpleCA-jcwkyl/CN =Globus Simple CA
If this is invalid, rerun this script
/usr/local/globus-4.0.8/setup/globus/setup-simple-ca
and enter the appropriate fields.
GPT_LOCATION=/usr/local/globus-4.0.8
C e r t i f i c a t e A u t h o r i t y S e t u p
This script will setup a Certificate Authority for signing Globus
users certificates. It will also generate a simple CA package
that can be distributed to the users of the CA.
The CA information about the certificates it distributes will
be kept in:
/home/globus/.globus/simpleCA /
The unique subject name for this CA is:
cn = Globus Simple CA, ou =simpleCA-jcwkyl , ou =GlobusTest , o=Grid
Do you want to keep this as the CA subject (y/n) [y]:
Enter the email of the CA (this is the email where certificate
requests will be sent to be signed by the CA):
The CA certificate has an expiration date. Keep in mind that
once the CA certificate has expired, all the certificates
signed by that CA become invalid. A CA should regenerate
the CA certificate and start re-issuing ca-setup packages
before the actual CA certificate expires. This can be done
by re-running this setup script. Enter the number of DAYS
the CA certificate should last before it expires.
[default : 5 years (1825 days)]:
[H [J
creating CA config package...done.
A self-signed certificate has been generated
for the Certificate Authority with the subject:
/O=Grid/OU=GlobusTest /OU=simpleCA-jcwkyl/CN =Globus Simple CA
If this is invalid, rerun this script
/usr/local/globus-4.0.8/setup/globus/setup-simple-ca
and enter the appropriate fields.
最低0.47元/天 解锁文章
扫一扫
2318
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
