source: TI12-security/trunk/python/conf/simpleCAProperties.xml @ 2145

Subversion URL:
Revision 2145, 1.5 KB checked in by pjkersha, 14 years ago (diff)

python/ added file copied
from Session Manager equivalent


  • added ability to generate a certificate request using M2Crypto
  • added properties for running web service over SSL + PKI settings
  • properties file path can be set vai the NDGSEC_CA_PROPFILEPATH environment variable

python/ script to run
service with twistd.

python/ calls to wsdl2dispatch to
generate server side stubs.

python/ fixed typo

  • ref to Attribute Authority instead of Session Manager.

python/ simplified use of OpenSSLConfig

python/conf/sessionMgrProperties.xml: removed duplicate lines.

python/conf/simpleCAProperties.xml: re-added - for some reason not previously stored in

python/ adapted from Session Manager

python/ added settings for
issueCert unit test to configure certificate request.

python/ setting up
test1IssueCert unit test.

python/ added settings for
SSL and PKI.

python/ set up GRID_SECURITY_DIR environment variable

python/ Certificate Authority
web service client - updated settings for OpenSSLConfig object and issueCert method.

python/ old code from alpha version
of NDG-Security.

python/ generates client and server
side stubs for Certificate Authority web service.

python/ updated header


  • fixed regular expression for 'req_distinguished_name' pattern match
  • parameters are parsed in call to read() rather than in getReqDN method.
  • reqDN is now a property.
1<?xml version="1.0" encoding="utf-8"?>
3        <portNum/>
4    <useSSL>Yes</useSSL> <!-- leave blank to use http -->
5    <sslCertFile></sslCertFile>
6    <sslKeyFile></sslKeyFile>
7    <caCertFile></caCertFile>
8    <certFile></certFile>
9    <keyFile></keyFile>
10    <keyPwd></keyPwd>
11    <!--
12    Set the certificate used to verify the signature of messages from the
13    client.  This can usually be left blank since the client is expected to
14    include the cert with the signature in the inbound SOAP message
15    -->
16    <clntCertFile></clntCertFile>   
17        <!--
18        OpenSSL configuration file for Certificate Request settings - not
19        required if cert request is passed into sign method
20        -->
21    <openSSLConfigFilePath/>
22        <!--
23    certExpiryDate|certLifetimeDays may be set.  If both, then certExpiryDate
24    takes precedence.  certExpiryDate has the format YYYY mm dd HH MM SS.
25    Year, month, day, hour minute, second respectively.  certLifetimeDays can
26    be entered as an expression e.g.
27    365 * 2
29    <certExpiryDate>2006 08 31 00 00</certExpiryDate>
30    -->
31    <certLifetimeDays>365*2<certLifetimeDays/>
32    <!-- Directory for temporary files generated during processing -->
33    <certTmpDir>/tmp<certTmpDir/>
34    <caCertFile></caCertFile>
35    <!-- Executable for checking the CA pass-phrase set -->
36    <chkCAPassPhraseExe>openssl</chkCAPassPhraseExe>
37    <!-- Executable for signing certificate request -->
38    <signExe>grid-ca-sign</signExe>
39    <!-- Set ':' paths for executables -->
40    <path>$GLOBUS_LOCATION/bin</>
Note: See TracBrowser for help on using the repository browser.