source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/ca/simpleCAProperties.xml @ 2148

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/ca/simpleCAProperties.xml@2148
Revision 2148, 1.5 KB checked in by pjkersha, 14 years ago (diff)

python/ndg.security.server/ndg/security/server/ca/server-config.tac:

  • added check to ensure CA pass-phrase is set and if not prompt for from command line.
  • do a get call for 'clntCertFile' dict key so that it can be optional

python/ndg.security.server/ndg/security/server/ca/init.py:

  • use $HOME/.globus/simpleCA/grid-ca-ssl.conf as the default SSL config file
  • key access methods raise KeyError? on exception
  • PassPhrase? -> passphrase

python/ndg.security.server/ndg/security/server/MyProxy.py:

  • certReqDNParam attribute is no longer needed - use openSSLConfig.reqDN instead.

python/conf/simpleCAProperties.xml,
python/ndg.security.test/ndg/security/test/ca/simpleCAProperties.xml:
explanation about default openSSLConfigFilePath setting

python/ndg.security.common/ndg/security/common/wsSecurity.py: check X.509 cert text
on 64th char for newline not 65th.

python/ndg.security.common/ndg/security/common/openssl.py: fix to error reading file
exception message.

Line 
1<?xml version="1.0" encoding="utf-8"?>
2<simpleCAProp>
3        <portNum>5800</portNum>
4    <useSSL>Yes</useSSL> <!-- leave blank to use http -->
5    <sslCertFile>$NDGSEC_CA_UNITTEST_DIR/srv-cert.pem</sslCertFile>
6    <sslKeyFile>$NDGSEC_CA_UNITTEST_DIR/srv-key.pem</sslKeyFile>
7    <caCertFile>$NDGSEC_CA_UNITTEST_DIR/cacert.pem</caCertFile>
8    <certFile>$NDGSEC_CA_UNITTEST_DIR/srv-cert.pem</certFile>
9    <keyFile>$NDGSEC_CA_UNITTEST_DIR/srv-key.pem</keyFile>
10    <keyPwd/>
11    <!--
12    Set the certificate used to verify the signature of messages from the
13    client.  This can usually be left blank since the client is expected to
14    include the cert with the signature in the inbound SOAP message
15    -->
16    <clntCertFile></clntCertFile>   
17        <!--
18        OpenSSL configuration file - omit to use globus default
19        $HOME/.globus/simpleCA/grid-ca-ssl.conf
20        -->
21    <openSSLConfigFilePath>
22    $GRID_SECURITY_DIR/globus-user-ssl.conf
23    </openSSLConfigFilePath>
24    <certLifetimeDays>365</certLifetimeDays>
25    <!--
26    <certExpiryDate/>
27    -->
28    <!-- Directory for temporary files generated during processing -->
29    <certTmpDir>/tmp</certTmpDir>
30    <!-- Executable for checking the CA pass-phrase set -->
31    <chkCAPassphraseExe>openssl</chkCAPassphraseExe>
32    <!-- Executable for signing certificate request -->
33    <signExe>grid-ca-sign</signExe>
34    <!-- Set ':' paths for executables
35    /usr/bin and /bin are required by grep and ? used in grid-ca-sign script
36    -->
37    <path>$GLOBUS_LOCATION/bin:/usr/bin:/bin</path>
38</simpleCAProp>
Note: See TracBrowser for help on using the repository browser.