Difference between revisions of "EGI-InSPIRE:JRA1 SHA2 Readiness"

From EGIWiki
Jump to: navigation, search
(Created page with "= Operational Tools SHA2 Support Status = == GOCDB == == SAM == == Operations Portal == == Accounting Portal == == Accounting Repository == == Metrics Portal == == Messag...")
 
(GOCDB)
Line 3: Line 3:
  
 
== GOCDB ==
 
== GOCDB ==
 +
Adding some useful info for other PTs about how to get a SHA2 cert and the CA certs (originally via P.Solagna via D.Groep):
 +
 +
The easiest is to get an instant certificate from CILogon, using their (unaccredited) OpenID provider like Google:
 +
 +
* https://cilogon.org/
 +
 +
and select "Google" from the list of IdPs. After signing in to Google and typing in a password, you can download a pkcs#12 file with your new certificate and private key (you have ~ 2min to do this). To get the conventional usercert.pem and userkey.pem, use openssl:
 +
<pre>
 +
openssl pkcs12 -in myfile.p12 -info -out usercert.pem -nokeys  openssl pkcs12 -in myfile.p12 -info -out userkey.pem -nocerts  chmod 0600 userkey.pem
 +
</pre>
 +
and give your passphrase a few times ;-)
 +
You can install the unaccredited OpenID CA just like the other IGTF CAs, but from the experimental repository:
 +
* https://dist.eugridpma.info/distribution/current/experimental
  
 
== SAM ==
 
== SAM ==

Revision as of 18:00, 31 July 2012

Operational Tools SHA2 Support Status

GOCDB

Adding some useful info for other PTs about how to get a SHA2 cert and the CA certs (originally via P.Solagna via D.Groep):

The easiest is to get an instant certificate from CILogon, using their (unaccredited) OpenID provider like Google:

and select "Google" from the list of IdPs. After signing in to Google and typing in a password, you can download a pkcs#12 file with your new certificate and private key (you have ~ 2min to do this). To get the conventional usercert.pem and userkey.pem, use openssl:

 openssl pkcs12 -in myfile.p12 -info -out usercert.pem -nokeys  openssl pkcs12 -in myfile.p12 -info -out userkey.pem -nocerts  chmod 0600 userkey.pem

and give your passphrase a few times ;-) You can install the unaccredited OpenID CA just like the other IGTF CAs, but from the experimental repository:

SAM

Operations Portal

Accounting Portal

Accounting Repository

Metrics Portal

Messaging

GGUS