Provided by: globus-simple-ca_5.3-1_all 

NAME
grid-ca-create - Create a CA to sign certificates for use on a grid
SYNOPSIS
grid-ca-create [ -h | -help | -usage | -version | -versions ] [ -openssl-help]
grid-ca-create [ OPTIONS ] [ OPENSSL-OPTIONS ]
DESCRIPTION
The grid-ca-create program creates a self-signed CA certificate and related files needed to use the CA
with other Globus tools. The grid-ca-create program prompts for information to use to generate the CA
certificate, but the prompts may be avoided by using the command line options.
By default, the grid-ca-create program creates the self-signed CA certificate, installs it on the current
machine in its trusted certificate directory, and creates a source tarball which can be used to generate
an RPM package for the CA. If the RPM package is installed on a machine, users on that machine can create
certificate requests for user, host, or service identity certificates to be signed by the CA certificate
generated by running grid-ca-create.
If run as a privileged user, the grid-ca-create program creates the CA certificate and support files in
the CA certificate and signing policy are installed in the /etc/grid-security directory. Otherwise, the
files are
OPTIONS
The full set of command-line options to grid-ca-create follows. In addition to these, unknown options
will be passed to the openssl command when creating the self-signed certificate.
-help, -h, -usage
Display the command-line options to grid-ca-create and exit.
-version, -versions
Display the version number of the grid-ca-create command. The second form includes more details.
-force
Overwrite existing CA in the destination directory if one exists.
-bits BITS
Create a CA certificate with a BITS-bit RSA key [4096].
-noint
Run in non-interactive mode. Parameters take their default values, or the values specified on the
command line, without prompting. This option also implies -force.
-dir DIRECTORY
Create the CA in DIRECTORY. The DIRECTORY must not exist prior to running grid-ca-create.
-subject SUBJECT
Use SUBJECT as the subject name of the self-signed CA to create. If this is not specified on the
command-line, grid-ca-create will default to using the subject name cn=Globus Simple CA,
ou=$HOSTNAME, ou=GlobusTest, o=Grid.
-email ADDRESS
Use ADDRESS as the email address of the CA. The default instructions generated by grid-ca-create tell
users to mail the certificate request to this address. If this is not specified on the command-line,
grid-ca-create will default to $LOGNAME@$HOSTNAME.
-days DAYS
Set the default lifetime of the self-signed CA certificate to DAYS. If not set, the grid-ca-create
program will default to 1825 days (5 years).
-pass PASSWORD
Use the string PASSWORD to protect the CA’s private key. This is useful for automating Simple CA, but
may make it easier to compromise the CA if someone obtains a shell on the machine storing the CA’s
private key.
-nobuild
Disable building a source tarball for distributing the CA’s public information to other machines. The
source tarball can be created later by using the grid-ca-package command.
EXAMPLES
Create a simple CA in $HOME/SimpleCA:
    % grid-ca-create -noint -dir $HOME/SimpleCA
    C e r t i f i c a t e A u t h o r i t y S e t u p
    This script will setup a Certificate Authority for signing Globus
    users certificates. It will also generate a simple CA package
    that can be distributed to the users of the CA.
    The CA information about the certificates it distributes will
    be kept in:
    /home/juser/SimpleCA
    The unique subject name for this CA is:
    cn=Globus Simple CA, ou=simpleCA-grid.example.org, ou=GlobusTest, o=Grid
    Insufficient permissions to install CA into the trusted certifiicate
    directory (tried ${sysconfdir}/grid-security/certificates and
    ${datadir}/certificates)
    Creating RPM source tarball... done
    globus_simple_ca_0146c503.tar.gz
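
Added example (not part of the original man page or of the Globus project's code): a shell lint for grid-ca-create invocations in scripts or crontabs that flags the -pass, -force/-noint and -bits choices described under OPTIONS. The MIN_BITS floor of 2048, the finding names and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: lint grid-ca-create invocations found in scripts or crontabs.
# MIN_BITS is an assumed local policy floor, not a value from the man page.
MIN_BITS=${MIN_BITS:-2048}

# Read command lines on stdin; print "<line-number> <finding>" for each issue.
# The passphrase itself is never echoed.
lint_ca_create() {
    awk -v min_bits="$MIN_BITS" '
    $1 ~ /^#/ { next }                          # ignore comment lines
    {
        start = 0
        for (i = 1; i <= NF; i++)
            if ($i == "grid-ca-create" || $i ~ /\/grid-ca-create$/) { start = i; break }
        if (!start) next                        # line does not invoke the tool
        for (i = start + 1; i <= NF; i++) {
            if ($i == "-pass" && i < NF) {
                v = $(i + 1); sub(/^"/, "", v)
                # A literal is readable in the file; a variable still lands in argv.
                print NR, (v ~ /^\$/ ? "PASS_VIA_ARGV" : "PASS_LITERAL")
                i++
            } else if ($i == "-bits" && i < NF) {
                if ($(i + 1) ~ /^[0-9]+$/ && $(i + 1) + 0 < min_bits + 0)
                    print NR, "WEAK_KEY_BITS"
                i++
            } else if ($i == "-force") {
                print NR, "FORCE_OVERWRITE"
            } else if ($i == "-noint") {
                print NR, "NOINT_IMPLIES_FORCE"  # per the OPTIONS text above
            }
        }
    }'
}

# Constructed sample input (not taken from any real system).
sample_lines() {
    cat <<'EOF'
# nightly rebuild of the test CA
grid-ca-create -noint -dir /srv/ca-test -pass example-passphrase -bits 1024
/usr/bin/grid-ca-create -dir /srv/ca-prod -pass "$CA_PASS" -days 1825
grid-ca-create -dir /srv/ca-manual -bits 4096
EOF
}

sample_lines | lint_ca_create
```

To audit real files, feed them on standard input, for example `lint_ca_create < deploy.sh` (a hypothetical file name).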
ENVIRONMENT
The following environment variables affect the execution of grid-ca-create:
GLOBUS_LOCATION
Non-standard installation path of the Grid Community Toolkit.
SEE ALSO
grid-cert-request(1), grid-ca-sign(1), grid-default-ca(1), grid-ca-package(1)
AUTHOR
Copyright © 1999-2014 University of Chicago
Grid Community Toolkit 6 06/03/2020 GRID-CA-CREATE(1)