On 5/26/11 11:52 AM, Jim Basney wrote: > On 5/26/11 11:50 AM, Lukasz Lacinski wrote: >> On 5/26/11 12:24 PM, Jim Basney wrote: >>>>> You can add any CA certificate to your server's certificate area, if >>>>> you trust the way that CA is run. If not, you shouldn't be using its >>>>> certificates; if so, what id the problem with adding it in? >>>> If someone manages a client grid workstation, users have to ask him to >>>> add a certificate of MyProxy CA they want to use from that workstation. >>> Or they can just run 'myproxy-logon --bootstrap'. >> It downloads a host certificate a MyProxy server uses. This certificate >> does not have to be signed by a MyProxy CA used with that MyProxy >> server. But this is a light in a tunnel. If owners of a MyProxy server >> use a host certificate signed by MyProxy CA it will solve problems. > > It also installs any trust roots that the MyProxy CA delivers to it (see > myproxy-server.config cert_dir setting).
More details here: http://grid.ncsa.illinois.edu/myproxy/trustroots/ -Jim
