From: Mary Thompson (mrthompson@lbl.gov)
Date: Thu Apr 18 2002 - 10:34:32 PDT
Lew,
To create an Attribute cert:
in /p/fusiongrid/mrthomps/akentiInstall/certs you will find a bunch of
xml attribute certificate templates named demoTestName.xml. Copy one of
them, say demoTestQian.xml to demoTestJustin.xml. Then edit it as
follows:
Change the
<Issuer>
<UserDN>/O=doesciencegrid.org/OU=people/CN=Mary R.
Thompson</UserDN>
>From Mary R. Thompson to Lew Randerson 595739
Change
<AttributeCert>
<SubjectAndCA>
<UserDN>/O=doesciencegrid.org/OU=People/CN=Qian Peng
344264</UserDN>
from Qian Peng 344264 to Justin Burruss 586684
Now to sign it you need a pkcs12 file with your private key handy. You
may have such a file left over from when you exported your certificate
from your browser in order to create the userkey.pem and usercert.pem
files. Otherwise you can create new one by using the export function of
your browser. I have mine stashed in akentiInstall/idCerts for
convenience.
Using that key you can generate a signed version of the demoTestJustin
cert by
cd /p/fusiongrid/mrthomps/akentiInstall/
./bin/certGen.sh -V -k <your.p12.file> -p <password of p12 file> -o
certs/demoTestJustin certs/demoTestJustin.xml
-- --------------------------------------------------------------------- Mary R. Thompson <MRThompson@lbl.gov> Distributed Security Research Group (510) 486-7408 Lawrence Berkeley National Lab http://www-itg.lbl.gov/~mrt ----------------------------------------------------------------------
This archive was generated by hypermail 2.1.4 : Fri Apr 19 2002 - 03:00:19 PDT