[AG-TECH] AG 2.0/Globus cert question

Ti Leggett leggett at mcs.anl.gov
Fri May 9 12:21:26 CDT 2003


They will as long as whoever's running the venue server and such accepts
the Globus CA as trusted. By default, we ship the AG2 software with the
Globus CA cert in the trusted certs directory.

On Fri, 2003-05-09 at 12:19, Randy Heiland wrote:
> Will "Globus" certs continue to be valid for AG 2.x?  I have:
> 
> issuer   : /O=Grid/O=Globus/OU=ncsa.uiuc.edu/CN=Randy Heiland
> 
> --Randy
> 
> On May 9,  9:42am, Ti Leggett wrote:
> > Subject: Re: [AG-TECH] AG 2.0/Globus cert question
> > I'll explain how it currently is and in what direction we're going with
> > them. Currently, all users should have a cert and it's helpful if the
> > cert's subject is something human readable and meaningful, i.e., the CN=
> > portion has your full name in it like
> >
> > O=Access Grid, OU=agdev-ca.mcs.anl.gov, OU=mcs.anl.gov, CN=Ti Leggett
> >
> > These user certs work well for things like personal or desktop nodes
> > because on these the AG software may not always be fired up and when it
> > is fired up, it's fired up by the user.
> >
> > Where we're going is for the AGNodeService and AGServiceManagers to have
> > their own service certs that they use to start. This is especially
> > important when these services might start at boot time on multi-machine
> > nodes when no user is yet present.
> >
> > So presently your only option is to have your user cert. If you're doing
> > some testing there shouldn't be a problem moving your cert and key
> > around to each machine for the time being. In the future you can still
> > do that, but we highly recommend getting the appropriate service certs
> > for services and user certs for everybody.
> >
> > In case your curious, a service cert would look something like:
> >
> > O=Access
> > Grid,OU=agdev-ca.mcs.anl.gov,CN=AGNodeService/ws-control.mcs.anl.gov
> >
> > And
> >
> > O=Access
> > Grid,OU=agdev-ca.mcs.anl.gov,CN=AGServiceManager/ws-video.mcs.anl.gov
> >
> > Hopefully this helps more than it hurts :)
> >
> > On Thu, 2003-05-08 at 17:09, Darin Oman wrote:
> > > I will be running AG 2.0 in one form or another on a few different
> > > machines (main node, my laptop, etc.). Is it OK to use the same
> > > certificate for all machines, or should I request a separate cert for
> > > each? Is there a problem if there are 2 nodes running at the same time
> > > using the same cert?
> > >
> > > Thanks,
> > > Darin
> > >
> >-- End of excerpt from Ti Leggett
> 
> 




More information about the ag-tech mailing list