[AG-TECH] Certificates
Robert Olson
olson at mcs.anl.gov
Thu Sep 11 13:53:15 CDT 2003
> I totally agree - the certificate request process seems quite broken.
Does your site still need to request through an http proxy server? If so,
at this point it's guaranteed not to work, as it uses xmlrpc over http to
the server here at ANL. (I've just dropped in client code in CVS to use an
http proxy for the request, so that will be available soonish, after I've
got it tested and integrated with the retrieval as well. As an aside, the
actual tech for doign it is quite straightfoward, most of the time has
been spent on UI integration, sigh.)
> And,
> even though you can request host and service certs via the interface, I'm
> not sure that the mechanism exists yet on the other side to actually issue
> them.
We're working on it. You can still the globus mechanism on linux of
grid-cert-request (with the AG Globus RPMs installed) to request service
certs.
> >Can you help me understand one thing though. What are the differences
> >between the three types of certificates? Do I need to request one of
> >each? Do I need to request a machine one for each machine, or is
> >requesting one Identity certificate and somehow (which i also need to
> >learn) importing them on the Audio and Video machines?
You can use an identity certificate anywhere, but it will require a valid
proxy to be usable.
Service certs are meant to be used for things like venue servers and
(eventually, when start-at-boot works for the media services) for the
capture machines in a multiple-machine node.
--bob
More information about the ag-tech
mailing list