Difference between revisions of "EGI-InSPIRE:JRA1 SHA2 Readiness"

From EGIWiki
Jump to: navigation, search
(GGUS)
(Accounting Repository)
Line 34: Line 34:
  
 
== Accounting Repository ==
 
== Accounting Repository ==
 +
The apel-broker server which runs ActiveMQ uses Sun Java which supports SHA-2
  
 
== Metrics Portal ==
 
== Metrics Portal ==

Revision as of 18:00, 4 April 2013

Operational Tools SHA2 Support Status

GOCDB

  • We have tested a SHA2 user cert on GOCDB and no problems.

If using Apache2 - Should be handled by Apache without tool modification. Adding some useful info for other PTs about how to get a SHA2 cert and the CA certs for testing (originally via P.Solagna via D.Groep):

The easiest is to get an instant SHA2 test certificate from CILogon, using their (unaccredited) OpenID provider like Google:

and select "Google" from the list of IdPs. After signing in to Google and typing in a password, you can download a pkcs#12 file with your new certificate and private key (you have ~ 2min to do this). To get the conventional usercert.pem and userkey.pem, use openssl:

 openssl pkcs12 -in myfile.p12 -info -out usercert.pem -nokeys  openssl pkcs12 -in myfile.p12 -info -out userkey.pem -nocerts  chmod 0600 userkey.pem

and give your passphrase a few times ;-) You can install the unaccredited OpenID CA just like the other IGTF CAs, but from the experimental repository:

SAM

SAM uses certificates in following components:

  • Apache 2 - SHA-2 supported natively
  • probes - SHA-2 readiness depends on probes.

Operations Portal

Ok:User authentication using SHA-2 signed certificates has been successfully tested by SA2 verifiers.

Accounting Portal

Ok:User authentication using SHA-2 signed certificates has been successfully tested by SA2 verifiers.

Accounting Repository

The apel-broker server which runs ActiveMQ uses Sun Java which supports SHA-2

Metrics Portal

Ok:User authentication using SHA-2 signed certificates has been successfully tested by SA2 verifiers.

Messaging

GGUS

No problems with SHA2 user certs on GGUS.