[AG-DEV] Identity certificates

Luis Galárraga lgalarra at fiec.espol.edu.ec
Fri Mar 14 15:24:23 CDT 2008


Greetings Tom:

First of all, thanks again for your help. I have several questions, this
time related to server certificates. Do the things we were talking about
for identity certificates apply to server certificates? We have a developer who
is working on consuming AG server web services from a Java client. He would
like to work at home, but unfortunately our request for opening certain TCP
ports was denied because of security issues. I told him to run the server and
client on his machine. I had to make a server certificate request to be able
to run the server the first time:
- Is it possible to omit this step?
- If not, is it possible to create it with a tool like openssl? When
starting the server from a terminal, it asks for a certificate.
- Is there a way of exporting a certificate from the command line? I have a
problem with the certificate management tool (it crashes unexpectedly; I
reported it and there is someone working to provide you a better report), so
I cannot do it through the graphical interface.

Regards,
Luis



2008/3/13, Thomas D. Uram <turam at mcs.anl.gov>:
>
> Hi Luis:
>
> There are a few things you need to know in this regard:
>
> - By default, AG3 venues do not require that clients have a certificate
> to enter.  Venues can be optionally configured to require a certificate,
> in which case the user must present a certificate that satisfies the
> access controls on the venue.
>
> - You can run your own CA and issue your own certificates.  In that
> case, you'll need to make sure your clients have both your CA
> certificate and their personal certificate.
>
> Otherwise, this is general PKI.  If you have other questions, don't
> hesitate to ask.
>
> Tom
>
>
> On 3/6/08 3:41 PM, Luis Galárraga wrote:
> > Greetings:
> >
> > I am part of a project for developing a webinar infrastructure based on
> > Access Grid. After a long discussion in which suggestions in this
> > mailing list were strongly considered, we have decided to implement a
> > simple client for venues (in servers 3.x) using Java Web Start Apps.
> > As you can see, there are many things to do, and developers have
> > started by making tests with the SOAP interfaces in our AG server;
> > however, they are not clear about the concepts behind the
> > authentication process. We know AG uses digital certificates for
> > everything: users and services, and those certificates are generated by
> > AG developers (after a process request). Can our developer team
> > generate certificates signed by us, or is your signature required?
> > Several people in our university will probably use the system, so we
> > would like to have the privilege to generate the certificates. Could
> > someone explain to us in a better way the technical issues behind
> > authentication based on certificates (= how you implemented it)? I
> > hope you can help us.
> >
> > Thanks in advance,
> >
> > Regards,
> > Luis Galárraga
>
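
The "run your own CA" option from the quoted reply, worked through with plain OpenSSL as an added example (not part of the original messages and not the AG toolkit's own procedure). The subject names, file names and the serverAuth/clientAuth usages are assumptions made for illustration; how AG3 imports such files is not covered in this thread.

```bash
#!/usr/bin/env bash
# Added example: private CA with plain OpenSSL (all names are constructed).
set -eu

make_ca() {       # $1 = working directory
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/O=Example University/CN=Example Test CA" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

issue_cert() {    # $1 = dir, $2 = file stem, $3 = subject CN, $4 = extendedKeyUsage
  openssl req -new -newkey rsa:2048 -nodes \
    -subj "/O=Example University/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=%s\n' "$4" > "$1/$2.ext"
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 90 -extfile "$1/$2.ext" -out "$1/$2.crt" 2>/dev/null
}

chain_ok() {      # $1 = CA cert, $2 = cert to check, $3 = purpose (default: any)
  openssl verify -purpose "${3:-any}" -CAfile "$1" "$2" >/dev/null 2>&1
}

dir=$(mktemp -d)
make_ca "$dir"
issue_cert "$dir" server localhost serverAuth    # server on the developer's own machine
issue_cert "$dir" user "Test User" clientAuth    # identity certificate for a person

chain_ok "$dir/ca.crt" "$dir/server.crt" sslserver && echo "server cert: chains to our CA"
chain_ok "$dir/ca.crt" "$dir/user.crt" sslclient && echo "user cert: chains to our CA"
# A verifier that does not hold our CA certificate cannot validate either one.
other=$(mktemp -d); make_ca "$other"
chain_ok "$other/ca.crt" "$dir/user.crt" || echo "user cert: rejected under a different CA"
rm -rf "$dir" "$other"
```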