[Fwd: Re: [Openca-Users] problems with CNs containing slashes /]

Ti Leggett leggett at mcs.anl.gov
Mon Aug 4 12:57:16 CDT 2003


-----Forwarded Message-----
From: Lyle Winton <winton at physics.unimelb.edu.au>
To: Ti Leggett <leggett at mcs.anl.gov>
Subject: Re: [Openca-Users] problems with CNs containing slashes /
Date: 25 Jul 2003 12:11:01 +1000

Hi Ti,

I have some notes on OpenCA setup and included are some bits
on Grid certificates...

http://epp.ph.unimelb.edu.au/epp/grid/
See the link in the Software section entitles OpenCA 0.9.0

You'll have to add a new role which I've called "Grid Cert"
and make the country name and email address optional,
which it isn't by default.  You'll also need to make sure
that config values like SET_*_SERIAL_IN_DN are all set to
"N", so that OpenCA doesn't mangle the subject/DN of grid
certificates.  If you're using LDAP for storage (and this makes
sense if you want an LDAP grid VO) you'll need to make
the changes regarding CNs which contain slashes.  Globus's
MDS/GRIS/GIIS certificates contain slashes, as I'm sure you
know.

Regards,
Lyle.


Ti Leggett wrote:

>Hi there. I work at Argonne National Lab (of Globus fame) and we're in
>the midst of trying to setup up an OpenCA globus CA as well for the
>Access Grid (since it now uses Globus under the hood). I see you say you
>have an OpenCA solution to a Globus CA. Could you by chance give me any
>pointers? Also, are you using LDAP to store certifcates and if so, do
>you use a custom schema? Thanks!
>
>  
>






More information about the ag-dev mailing list