On Jul 14, 2008, at 9:42 AM, hawking.zn wrote:
Hi all:
According to the doc, we always do as follows:
1. install simple CA.
2. and then install GSI.
But if I want to use other CA system. how can I install the GSI?
You are using the word "GSI" in an imprecise way. Your step 2 is
really "configuring a machine/installation to trust a particular CA".
And if you have installed simpleCA, you are configuring trust for that
simpleCA. But it is quite easy to trust any CA. The technical
details are at http://www.globus.org/toolkit/docs/4.0/security/prewsaa/Pre_WS_AA_Public_Interfaces.html#id2528598
All you need is the other CA's public certificate and their signing
policy. If they don't have a signing policy already, that link
describes how you can create one manually.
Charles
