CA issues
Robert Olson
olson at mcs.anl.gov
Mon Jan 27 12:42:51 CST 2003
we talked this morning about setting up OpenCA or a globus SimpleCA for
doing anonymous cert stuff, and leading up to issuing AG certs for AG
development folk.
Question 1: Do we do OpenCA or a simple CA. Installation of OpenCA these
days should be fairly straightforward. We have a couple machines
(fl-raserver and fl-caserver) that I've used for experimentation on in the
past; Ti would know state of machine juggle for those. Or we could just set
up an outmoded machine for one or the other (they don't need to be very
beefy at all). If we want to be really secure about it, the ca server box
would be offnet and cert signing info would pass between the to via floppy.
In either case, we would need to create a self-signed CA cert, keep the
private key really private, and publish the public cert (and include in the
Globus releases we do).
--bob
More information about the ag-dev
mailing list