On 5/26/11 12:24 PM, Jim Basney wrote:
You can add any CA certificate to your server's certificate area, if
you trust the way that CA is run. If not, you shouldn't be using its
certificates; if so, what id the problem with adding it in?
If someone manages a client grid workstation, users have to ask him to
add a certificate of MyProxy CA they want to use from that workstation.
Or they can just run 'myproxy-logon --bootstrap'.
I am trying to use the option
*certificate_issuer_subca_certfile* /full-path-to-subca-certificate-file/
If you would like an intermediate/sub-CA certificate chain to be
sent along with the EEC (End Entity Certificate) generated using
a local intermediate/sub-CA, specify the file that contains
those certificates in PEM format. This is meant to aid scenarios
where the CA used is an intermediate CA (i.e. not a root CA) and
the client may not have the intermediate CA(s) in its trust
store. The client will write out the chain into the same file as
the EEC, following the EEC.
to force MyProxy server to add a MyProxy CA certificate to issued EEC.
It works but unfortunately, in a second party transfers the
globus-url-copy does not take this CA certificate into account in a
process of certificate verification (gss_init_sec_context). Is it
possible to force grid clients to look for a CA certificate in a chain
received from MyProxy server?
Thanks,
Lukasz
