What you are talking about is a "certificate signing request" (CSR).

A user typically generates 3 files (or logically separate pieces of information) in the process of obtaining a user certificate. Depending on the format of the certificate, these can be combined or separate, and may (again depending on the format) require a separate passphrase to access.

The simplest situation is this.

User generates a private key and a CSR file, for example in pem format, resulting in

userkey.pem (private)
usercert-request.pem (to be sent to the certificate authority for signing)

The certificate authority responds (through a wide variety of means) with a response from which the user can extract the usercert.pem file needed by globus.

In the end, all you need in your .globus area are

usercert.pem (public part, signed by CA)
userkey.pem (same as the original private part)

If I understand correctly, you are asking whether you need the CA public certificate files to be able to generate the CSR to be sent to a particular CA.

The answer is yes.

Hope this helps,
Alan

On Sep 11, 2007, at 1:42 PM, Olivier Ricou wrote:

A certificate is a key signed by the CA (with its private key) so
you need the CA to do the certificates but not to do your keys.

I can imagine my users making their own key and sending them to the
CA for certification (it will be the CA's duty to check that the
key belongs to the user, it will be the user's duty to get the CA
public key and I see no reason why he should get it before).

So I still think there is no reason to force the user to have
a CA on his computer to run grid-cert-request (grid-cert-request
just does keys, not certificates. It asks you at the end to send
your request for certificate to the CA). I agree it can be easier
for some users so I just ask for an option so I can use
grid-cert-request without having a CA on my computer.

Alan Sill, Ph.D
TIGRE Senior Scientist, High Performance Computing Center
Adjunct Professor of Physics
TTU

====================================================================
:  Alan Sill, Texas Tech University  Office: Admin 233, MS 4-1167  :
:  e-mail: [EMAIL PROTECTED]   ph. 806-742-4350  fax 806-742-4358  :
====================================================================
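
The request flow discussed in this thread, as an added example using plain openssl (it is not code from the original messages and does not use grid-cert-request). The subject names, the temporary directory and the throwaway test CA are constructed for the demo, and the key is left unencrypted only so the script runs non-interactively.

```shell
#!/bin/sh
# Constructed walk-through: all subjects and the test CA below are made up.
set -e
WORK=$(mktemp -d)

# User side: private key plus CSR. The only inputs are the subject and the new key.
make_request() {
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/O=Example Grid/OU=example.org/CN=Test User" \
        -keyout "$WORK/userkey.pem" -out "$WORK/usercert-request.pem" 2>/dev/null
    chmod 400 "$WORK/userkey.pem"   # the private key never leaves the user
}

# The CSR carries a signature made with the user's own key (proof of possession).
check_request() {
    openssl req -in "$WORK/usercert-request.pem" -noout -verify 2>&1 | grep -q "verify OK"
}

# CA side: a throwaway CA standing in for the real certificate authority.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/O=Example Grid/CN=Example Test CA" \
        -keyout "$WORK/cakey.pem" -out "$WORK/cacert.pem" 2>/dev/null
}

# The CA signs the request with its private key and returns usercert.pem.
sign_request() {
    openssl x509 -req -in "$WORK/usercert-request.pem" -days 1 \
        -CA "$WORK/cacert.pem" -CAkey "$WORK/cakey.pem" -CAcreateserial \
        -out "$WORK/usercert.pem" 2>/dev/null
}

# User side again: the returned certificate must carry the public half of userkey.pem
# and must verify against the CA's public certificate.
cert_matches_key() {
    [ "$(openssl pkey -in "$WORK/userkey.pem" -pubout)" = \
      "$(openssl x509 -in "$WORK/usercert.pem" -noout -pubkey)" ]
}
cert_chains_to_ca() {
    openssl verify -CAfile "$WORK/cacert.pem" "$WORK/usercert.pem" >/dev/null 2>&1
}

make_request
check_request
make_ca
sign_request
cert_matches_key
cert_chains_to_ca
echo "usercert.pem matches userkey.pem and verifies against the test CA"
```

Before installing a returned certificate next to userkey.pem, the `cert_matches_key` comparison is the check that catches a certificate issued for a different request.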