If you need to test X509 authentication and VOMS-based authorization in your client-server setup, you can use glite-test-certs.

wget -O glite-test-certs ''
chmod +x glite-test-certs

openssl s_server -accept 9999 -cert grid-security/hostcert.pem -key grid-security/hostkey.pem -CApath grid-security/certificates &
echo 'test' | openssl s_client -cert home/usercert.pem -key home/userkey.pem -CApath grid-security/certificates -connect localhost:9999

./glite-test-certs --some --env
source home/
X509_USER_PROXY=home/user-voms.pem voms-proxy-info -all


Generate test certificates for various security tests. The generated CA, host and user certificates are useless; they should not be used in a production environment!

By default this program generates a CA, a user and a host certificate. With some options one can generate some more certificates.

  • --certdir=<directory> The location of the test certificates (default: current directory)

  • --extra=<number> The number of extra user certificates to be generated. If the --voms option is also specified, then these extra certificates will have those attributes as well.

  • --voms=<FQAN> Generating a VOMS proxy with the specified FQAN included. May be specified multiple times, then all of them will be included in the same certificate.

  • --client=<CN> Generating a client certificate with the specified CN. If multiple --client options are specified, then only the last one will be generated. Works together with the --voms, --wrong and --extra options.

  • --clientbase=<filename> Base filename for the optional client certificates (default: 'custom').

  • --some or --good Generating a basic set of normal and VOMS proxies with the following attributes: /org.acme /org.acme /org.acme/Role=Admin /org.acme /org.acme/production /org.coyote /org.coyote /org.coyote/Role=Admin /org.coyote /org.coyote/production This also enables the --extra and --voms options!

  • --wrong or --bad Generating unverifiable certificates and VOMS proxies. This is done by generating a separate CA and VOMS server, and not copying their certificates into the trusted 'grid-security/certificates' or 'grid-security/vomsdir' directories.

  • --weird or --ugly Generating valid but weird certificates, which include dots, quotation marks and other unusual characters in their DN.

  • --env Prints the environment to be used for testing.

  • --clean All previously generated files and directories are removed.

  • --force Force the re-generation of the certificates. Implies --clean, but processes all other options as well.

  • --tar Generates a tarball in a format that can be copied to and installed on a test server to accept the test clients.

  • --rpm Generates an RPM, which can be copied to and installed on a test server to accept the test clients.

  • --system Copies the system files (certificates) to the test hierarchy.

  • --verbose Prints the executed commands.

  • --dryrun Does not execute the commands.


  • <certdir>/ca CA related files

  • <certdir>/grid-security host or service certificates

  • <certdir>/grid-security/certificates CA certificates

  • <certdir>/grid-security/vomsdir VOMS certificates

  • <certdir>/home user or client certificates
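
The trust split behind --wrong, as an added example that is not part of glite-test-certs: a certificate verifies only if its issuing CA has been copied into the trusted CA directory (the role of grid-security/certificates above). All file names, subject names and helper functions are constructed for illustration, and the VOMS side (vomsdir) is not covered.

```sh
#!/bin/sh
# Constructed throwaway PKI; names and paths are assumptions, not glite-test-certs output.
set -u

make_ca() {      # $1 = CA directory, $2 = CA common name
    mkdir -p "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/O=test/CN=$2" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

issue_cert() {   # $1 = CA directory, $2 = output basename, $3 = subject CN
    openssl req -newkey rsa:2048 -nodes -subj "/O=test/CN=$3" \
        -keyout "$2.key" -out "$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$2.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$2.pem" 2>/dev/null
}

trust_ca() {     # $1 = CA certificate, $2 = trusted directory
    # -CApath looks certificates up by subject hash, so install as <hash>.0
    mkdir -p "$2" &&
    h=$(openssl x509 -in "$1" -noout -subject_hash) &&
    cp "$1" "$2/$h.0"
}

verifies() {     # $1 = trusted directory, $2 = certificate to check
    # Match the "OK" line instead of relying on the exit status alone.
    openssl verify -CApath "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

demo() {
    work=$(mktemp -d) || return 1
    make_ca "$work/ca" "Trusted Test CA" &&
    make_ca "$work/wrong-ca" "Wrong Test CA" &&
    issue_cert "$work/ca" "$work/good-user" "good user" &&
    issue_cert "$work/wrong-ca" "$work/bad-user" "bad user" &&
    trust_ca "$work/ca/ca.pem" "$work/trusted" || { rm -rf "$work"; return 1; }
    # Only the first CA was copied into the trusted directory.
    if verifies "$work/trusted" "$work/good-user.pem"; then good=accepted; else good=rejected; fi
    if verifies "$work/trusted" "$work/bad-user.pem"; then bad=accepted; else bad=rejected; fi
    rm -rf "$work"
    echo "good=$good wrong=$bad"
}

demo   # prints: good=accepted wrong=rejected
```

A server under test should show the same split: it accepts the normal certificates and rejects the ones whose CA it was never given.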

-- AkosFrohner - 04 Dec 2007

Topic revision: r1 - 2007-12-05 - AkosFrohner