[caops-wg] automation of ca cert installation
Mike Helm
helm at fionn.es.net
Wed Oct 25 17:40:56 CDT 2006
Here's an interesting dilemma posed by a software tools
provider & Grid service provider in OSG. It's in scope
for us at least to the extent that we are providing
projects for a rational basis to contemplate automation
like this.
This is essentially a special case of a "validation service"
too, isn't it? (The case where the "service" consists only
of automatically updating trust anchors according to some rules
at each relying party.)
------- Forwarded Message
>From owner-osg-int at OPENSCIENCEGRID.ORG Wed Oct 25 15:26:58 2006
Date: Wed, 25 Oct 2006 17:24:05 -0500
From: Alain Roy <roy at cs.wisc.edu>
Subject: Re: CA cert
In-reply-to: <453FE301.9050209 at phys.ufl.edu>
Sender: owner-osg-int at OPENSCIENCEGRID.ORG
To: osg-int at OPENSCIENCEGRID.ORG
Message-id: <7.0.0.16.2.20061025172253.089f6c88 at cs.wisc.edu>
I don't feel comfortable suggesting a way to automate the
installation of root-owned files pertaining to security: I don't have
a strong enough security background.
- -alain
At 06:19 PM 10/25/2006 -0400, Bockjoo Kim wrote:
>Is it not possible to automate or cronize this ?
>Bockjoo
>Alain Roy wrote:
>
>>At 05:53 PM 10/25/2006 -0400, Bockjoo Kim wrote:
>>
>>>Hi,
>>>We need to update more CAs.
>>>Could someone tell me how to include this CA :
>>>9dd23746.0 and http://www.irisgrid.es/pki/
>>>and/or which configuration file should be updated ?
>>
>>That CA is in the VDT distribution of the CA certificates.
>>If you haven't updated in a while, you might not have it. Get a
>>recent version of Pacman (not Pacman 3.17) and:
>>cd $VDT_LOCATION
>>pacman -allow save-setups
>>pacman -update CA-Certificates
>>-alain
>
------- End of Forwarded Message
More information about the caops-wg
mailing list