Difference between revisions of "EGI-InSPIRE:JRA1 SHA2 Readiness"
Jump to navigation
Jump to search
(→GOCDB) |
(→GOCDB) |
||
Line 3: | Line 3: | ||
== GOCDB == | == GOCDB == | ||
Adding some useful info for other PTs about how to get a SHA2 cert and the CA certs (originally via P.Solagna via D.Groep): | Adding some useful info for other PTs about how to get a SHA2 cert and the CA certs for testing (originally via P.Solagna via D.Groep): | ||
The easiest is to get an instant certificate from CILogon, using their (unaccredited) OpenID provider like Google: | The easiest is to get an instant <b>SHA2 test certificate</b> from CILogon, using their (<b>unaccredited</b>) OpenID provider like Google: | ||
* https://cilogon.org/ | * https://cilogon.org/ |
Revision as of 18:02, 31 July 2012
Operational Tools SHA2 Support Status
GOCDB
Adding some useful info for other PTs about how to get a SHA2 cert and the CA certs for testing (originally via P.Solagna via D.Groep):
The easiest is to get an instant SHA2 test certificate from CILogon, using their (unaccredited) OpenID provider like Google:
and select "Google" from the list of IdPs. After signing in to Google and typing in a password, you can download a pkcs#12 file with your new certificate and private key (you have ~ 2min to do this). To get the conventional usercert.pem and userkey.pem, use openssl:
openssl pkcs12 -in myfile.p12 -info -out usercert.pem -nokeys openssl pkcs12 -in myfile.p12 -info -out userkey.pem -nocerts chmod 0600 userkey.pem
and give your passphrase a few times ;-) You can install the unaccredited OpenID CA just like the other IGTF CAs, but from the experimental repository: