Greetings Tom:<br><br>First of all, thanks again for your help, I have several questions, this time related to server certificates. Do the things we were talking about identity certificates apply to server certificates?. We have a developer who is working in consuming AG server web services from a Java Client. He would like to work at home, but unfortunately our request for opening certain tcp ports was denied because of security issues. I told him to run server and client in his machine. I had to make a server certificate request to be able to run the server first time:<br>
- Is it possible to omit this step?. <br>- If not, is it possible to create it with a tool like openssl. When starting server from terminal, it asks for a certificate.<br>- Is there a way of exporting a certificate from command line. I have a problem with the certificate management tool (it crashes unexpectedly. I reported it and there is someone working to provide you a better report) so I cannot do it through graphical interface.<br>
<br>Regards,<br>Luis<br><br><br><br><div><span class="gmail_quote">2008/3/13, Thomas D. Uram <<a href="mailto:turam@mcs.anl.gov">turam@mcs.anl.gov</a>>:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Hi Luis:<br> <br> There are a few things you need to know in this regard:<br> <br> - By default, AG3 venues do not require that clients have a certificate<br> to enter. Venues can be optionally configured to require a certificate,<br>
in which case the user must present a certificate that satisfies the<br> access controls on the venue.<br> <br> - You can run your own CA and issue your own certificates. In that<br> case, you'll need to make sure your clients have both your CA<br>
certificate and their personal certificate.<br> <br> Otherwise, this is general PKI. If you have other questions, don't<br> hesitate to ask.<br> <br> Tom<br> <br><br> On 3/6/08 3:41 PM, Luis Galárraga wrote:<br> > Greetings:<br>
><br> > I am part of project for developing a webinar infraestructure based on<br> > Access Grid. After a long discussion in which suggestions in this<br> > mailing list were strongly considered, we have decided to implement a<br>
> simple client for venues (in servers 3.x) using Java Web Start Apps.<br> > As you can see, there are many things to do, and developers have<br> > started by making tests with the soap interfaces in the our AG server,<br>
> however they are not clear about the concepts behind the<br> > authentication process. We know AG uses digital certificates for<br> > everything: users and services and those certificates are generated by<br>
> AG developers (after a process request). Can our developer team<br> > generate certificates signed by us or it is required your sign?<br> > Several people in our university will probably use the system so we<br>
> would like to have the privilege to generate the certificates. Could<br> > someone explain us in a better way, the technical issues behind<br> > authentication based on certificates (= how you implemented it)?. I<br>
> hope you can help us.<br> ><br> > Thanks in advance,<br> ><br> > Regards,<br> > Luis Galárraga<br> </blockquote></div><br>