Globus continued....

1. export GLOBUS_LOCATION=/usr/local/globus

2. cd /usr/local/globus/setup/globus

3. ./setup-simple-ca
Press y to keep the default subject name.
Enter the email of the CA (It must be working because all the certificate requests will be sent to this emailID).
Accept the default for expiration date.
passphrase: should be hard to guess, as its compromise may compromise all the certificates signed by the CA.
Your passphrase must not contain any spaces.
Private key is in /home/globus/.globus/simpleCA//private/cakey.pem
The public CA certificate is stored in /home/globus/.globus/simpleCA//cacert.pem
The distribution package built for this CA is stored in
/home/globus/.globus/simpleCA//globus_simple_ca_decb74a7_setup-0.20.tar.gz

This file must be distributed to any host wishing to request
certificates from this CA. The number decb74a7 in the last line is known as your CA hash. It will be an 8 hexadecimal digit string.

4. Run the following as root (or, if no root privileges are available, add the -nonroot option to the command line)
$GLOBUS_LOCATION/setup/globus_simple_ca_CA_decb74a7_setup/setup-gsi -default

replace the hash value on your machine i.e. decb74a7

5. cd /usr/local/globus/bin
./grid-cert-request -host '11.11.1.12'

6. As globus user sign the certificate request and generate certificate using:
./grid-ca-sign -in /etc/grid-security/hostcert_request.pem -out hostsigned.pem
You will be prompted for CA's password enter it here.
7. Login as root:
mv hostsigned.pem /etc/grid-security/hostcert.pem
press y to overwrite.
The certificate should be owned by root, and read-only for other users.
chown root:root /etc/grid-security/hostcert.pem


8. Users also must request user certificates, which you will sign using the globus user.Request a user certificate: As your normal user account (not globus), run:
grid-cert-request
After you enter a passphrase, this creates
• ~$USER/.globus/usercert.pem (empty)
• ~$USER/.globus/userkey.pem
• ~$USER/.globus/usercert_request.pem

Email the usercert_request.pem file to the SimpleCA maintainer.

9. As globus user, run:
grid-ca-sign -in usercert_request.pem -out signed.pem
Enter a passphrase of CA private key.

As user (xyz, not globus), copy the signed user certificate into ~/.globus/ and rename it as usercert.pem, thus replacing the empty file.

10. Using xyz user account verify certificate for xyz user.
cd /usr/local/globus/bin
./grid-proxy-init -debug -verify

User Cert File: /home/xyz/.globus/usercert.pem
User Key File: /home/xyz/.globus/userkey.pem

Trusted CA Cert Dir: /etc/grid-security/certificates

Output File: /tmp/x509up_u504
Your identity: /O=Grid/OU=GlobusTest/OU=simpleCA-localhost.localdomain/OU=localdomain/CN=xyz
Enter GRID pass phrase for this identity:
Creating proxy ..........++++++++++++
......................++++++++++++
Done
Proxy Verify OK
Your proxy is valid until: Tue Aug 31 01:23:44 2010

Creating a grid using Globus toolkit

I have used fedora core 12 for installation.

1. Download the globus toll installer from http://www.globus.org. The current version is gt5.0.2-all-source-installer.tar.bz2.

2. create a directory with root login
mkdir /usr/local/globus
Copy gt5.0.2-all-source-installer.tar.bz2 to /usr/local/globus using the command
cp gt5.0.2-all-source-installer.tar.bz2 /usr/local/globus

2. Login as globus user and extract gt5.0.2-all-source-installer.tar.bz2 in /usr/local/globus:
chown globus:globus /usr/local/globus
tar xvf gt5.0.2-all-source-installer.tar.bz2

3.Configure the installation path to /usr/local/globus/ using commands:
cd gt5.0.2-all-source-installer
./configure --prefix /usr/local/globus/
This will create makefile.

4. make
It will take 15-20 minutes depending on the configuration of your machine.

5. make install

6. export GLOBUS_LOCATION on terminal and add a line in ~/.bashrc :
export GLOBUS_LOCATION=/usr/local/globus-5.0.2

To setup Simple CA see next blog.