On 11/09/07, at 20h50, Alan Sill <[EMAIL PROTECTED]> wrote:
> What you are talking about is a "certificate signing request" (CSR)
> 
> A user typically generates 3 files (or logically separate pieces of  
> information) in the process of obtaining a user certificate.   
> Depending on the format of the certificate, these can be combined or  
> separate, and may (again depending on the format) require a separate  
> passphrase to access.
> 
> The simplest situation is this.
> 
> User generates a private key and a CSR file, for example in pem  
> format, resulting in
> 
> userkey.pem (private)
> usercert-request.pem (to be sent to the certificate authority for  
> signing)
> 
> The certificate authority responds (through a wide variety of means)  
> with a response from which the user can extract the usercert.pem file  
> needed by globus.

I agree

> In the end, all you need in your .globus area are
> 
> usercert.pem (public part, signed by CA)
> userkey.pem (same as the original private part)

I would add a certificates directory with the public key of the CA
to check the host you connect to.

> If I understand correctly, you are asking whether you need the CA  
> public certificate files to be able to generate the CSR to be sent to  
> a particular CA.
> 
> The answer is yes.

It is like that in grid-cert-request but it is not necessary. There
is nothing in the CSR that needs to have the CA public key. The
only point is to define the DN correctly but you could have this
information elsewhere. 

I had all the answers I need, thanks to all of you. I will finish
my scripts generating keys and certificates without a dependency 
on Globus.

Thanks again,

Olivier.
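
An added example (not part of the original message and not Globus code): producing userkey.pem and usercert-request.pem with plain openssl, then checking that the request carries the user's own public key and self-signature. The subject DN is a constructed placeholder and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed placeholder DN; a real CA publishes the DN layout it expects.
SUBJECT="/O=Example Grid/OU=example.org/CN=Test User"

# make_csr DIR SUBJECT: write DIR/userkey.pem and DIR/usercert-request.pem.
# No CA certificate is read at any point.
make_csr() (
    umask 077    # key file is created owner-readable only
    # Unencrypted key so the example runs non-interactively;
    # add -aes256 to genrsa to protect it with a passphrase.
    openssl genrsa -out "$1/userkey.pem" 2048 2>/dev/null || exit 1
    openssl req -new -key "$1/userkey.pem" -subj "$2" \
        -out "$1/usercert-request.pem" || exit 1
)

# csr_self_check CSR: the request is signed with the requester's own key,
# so its signature can be verified with nothing but the CSR itself.
# The message text is matched because older openssl releases return 0
# even when this verification fails.
csr_self_check() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK"
}

# csr_matches_key CSR KEY: the public key embedded in the CSR must be the
# one derived from the private key that stays on the user's machine.
csr_matches_key() {
    csr_pub=$(openssl req -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ]
}

# Usage: make_csr "$HOME/.globus" "$SUBJECT"
```

Only usercert-request.pem goes to the certificate authority; userkey.pem never leaves the machine.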
