source: TI12-security/trunk/python/conf/simpleCAProperties.xml @ 2148

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/conf/simpleCAProperties.xml@2148
Revision 2148, 1.6 KB checked in by pjkersha, 14 years ago

python/ndg.security.server/ndg/security/server/ca/server-config.tac:

  • added check to ensure CA pass-phrase is set and, if not, prompt for it from the command line.
  • do a get call for 'clntCertFile' dict key so that it can be optional

python/ndg.security.server/ndg/security/server/ca/init.py:

  • use $HOME/.globus/simpleCA/grid-ca-ssl.conf as the default SSL config file
  • key access methods raise KeyError on exception
  • PassPhrase -> passphrase

python/ndg.security.server/ndg/security/server/MyProxy.py:

  • certReqDNParam attribute is no longer needed - use openSSLConfig.reqDN instead.

python/conf/simpleCAProperties.xml,
python/ndg.security.test/ndg/security/test/ca/simpleCAProperties.xml:
explanation about default openSSLConfigFilePath setting

python/ndg.security.common/ndg/security/common/wsSecurity.py: check X.509 cert text
on 64th char for newline not 65th.

python/ndg.security.common/ndg/security/common/openssl.py: fix to error reading file
exception message.

<?xml version="1.0" encoding="utf-8"?>
<simpleCAProp>
    <portNum/>
    <useSSL>Yes</useSSL> <!-- leave blank to use http -->
    <sslCertFile></sslCertFile>
    <sslKeyFile></sslKeyFile>
    <caCertFile></caCertFile>
    <certFile></certFile>
    <keyFile></keyFile>
    <keyPwd></keyPwd>
    <!--
    Set the certificate used to verify the signature of messages from the
    client.  This can usually be left blank since the client is expected to
    include the cert with the signature in the inbound SOAP message
    -->
    <clntCertFile></clntCertFile>
    <!--
    OpenSSL configuration file - omit to use globus default
    $HOME/.globus/simpleCA/grid-ca-ssl.conf
    <openSSLConfigFilePath/>
    -->
    <!--
    certExpiryDate|certLifetimeDays may be set.  If both, then certExpiryDate
    takes precedence.  certExpiryDate has the format YYYY mm dd HH MM SS.
    Year, month, day, hour, minute, second respectively.  certLifetimeDays can
    be entered as an expression e.g.
    365 * 2

    <certExpiryDate>2006 08 31 00 00</certExpiryDate>
    -->
    <certLifetimeDays>365*2</certLifetimeDays>
    <!-- Directory for temporary files generated during processing -->
    <certTmpDir>/tmp</certTmpDir>
    <!-- Executable for checking the CA pass-phrase set -->
    <chkCAPassphraseExe>openssl</chkCAPassphraseExe>
    <!-- Executable for signing certificate request -->
    <signExe>grid-ca-sign</signExe>
    <!-- Set ':' paths for executables
    /usr/bin and /bin are required by grep and ? used in grid-ca-sign script
    -->
    <path>$GLOBUS_LOCATION/bin:/usr/bin:/bin</path>
</simpleCAProp>
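
The comment on certExpiryDate and certLifetimeDays gives a precedence rule and allows an arithmetic expression as a value. As an added example (not code from the NDG security project, whose own parsing is not shown on this page), the Python below applies that precedence and evaluates the expression with a whitelisted AST walk instead of eval(). The names eval_days and cert_not_after, the MAX_DAYS ceiling and the 32-character limit are assumptions of this example.

```python
import ast
import operator
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

# Constructed sample; element names are those used in simpleCAProperties.xml.
SAMPLE = """<simpleCAProp>
    <certExpiryDate></certExpiryDate>
    <certLifetimeDays>365*2</certLifetimeDays>
</simpleCAProp>"""

MAX_DAYS = 3650  # assumed policy ceiling, not a value from the project
_OPS = {ast.Add: operator.add, ast.Sub: operator.sub,
        ast.Mult: operator.mul, ast.FloorDiv: operator.floordiv}


def eval_days(expr):
    """Evaluate integer arithmetic such as '365 * 2' without calling eval()."""
    def walk(node):
        if isinstance(node, ast.Constant) and type(node.value) is int:
            return node.value
        if isinstance(node, ast.BinOp) and type(node.op) in _OPS:
            return _OPS[type(node.op)](walk(node.left), walk(node.right))
        raise ValueError("unsupported syntax in certLifetimeDays: %r" % expr)

    if len(expr) > 32:  # keep the parse small; the limit is an assumption
        raise ValueError("certLifetimeDays expression too long")
    try:
        days = walk(ast.parse(expr.strip(), mode="eval").body)
    except (SyntaxError, ZeroDivisionError) as exc:
        raise ValueError("invalid certLifetimeDays: %r" % expr) from exc
    if not 0 < days <= MAX_DAYS:
        raise ValueError("certLifetimeDays out of range: %d" % days)
    return days


def cert_not_after(xml_text, now):
    """Expiry time for a new certificate; certExpiryDate takes precedence."""
    root = ET.fromstring(xml_text)
    expiry = (root.findtext("certExpiryDate") or "").strip()
    if expiry:
        # Format documented in the file: YYYY mm dd HH MM SS
        return datetime.strptime(expiry, "%Y %m %d %H %M %S")
    lifetime = (root.findtext("certLifetimeDays") or "").strip()
    if not lifetime:
        raise ValueError("set certExpiryDate or certLifetimeDays")
    return now + timedelta(days=eval_days(lifetime))


if __name__ == "__main__":
    print(cert_not_after(SAMPLE, datetime(2007, 1, 1)))
```

Function calls, attribute access, names and exponentiation in the setting are rejected with ValueError rather than executed.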