glite-test-certs

If you need to test X509 authentication and VOMS-based authorization in your client-server setup, you can make use of glite-test-certs.

wget -O glite-test-certs 'http://glite.cvs.cern.ch:8180/cgi-bin/glite.cgi/org.glite.data.test-utils/glite-test-certs?view=co'
chmod +x glite-test-certs

./glite-test-certs
openssl s_server -accept 9999 -cert grid-security/hostcert.pem -key grid-security/hostkey.pem -CApath grid-security/certificates &
echo 'test' | openssl s_client -cert home/usercert.pem -key home/userkey.pem -CApath grid-security/certificates -connect localhost:9999

./glite-test-certs --some --env
source home/env_settings.sh
X509_USER_PROXY=home/user-voms.pem voms-proxy-info -all

Description

Generate test certificates for various security tests. The generated CA, host and user certificates are useless; they should not be used in a production environment!

By default this program generates a CA, a user and a host certificate. With some options one can generate some more certificates.

  • --certdir=<directory> The location of the test certificates (default: current directory)

  • --extra=<number> The number of extra user certificates to be generated. If the --voms option is also specified, then these extra certificates will have those attributes as well.

  • --voms=<FQAN> Generating a VOMS proxy with the specified FQAN included. May be specified multiple times; all of them will then be included in the same certificate.

  • --client=<CN> Generating a client certificate with the specified CN. If multiple --client options are specified, then only the last one will be generated. Works together with the --voms, --wrong and --extra options.

  • --clientbase=<filename> Base filename for the optional client certificates (default: 'custom').

  • --some or --good Generating a basic set of normal and VOMS proxies with the following attributes: /org.acme /org.acme /org.acme/Role=Admin /org.acme /org.acme/production /org.coyote /org.coyote /org.coyote/Role=Admin /org.coyote /org.coyote/production. This also enables the --extra and --voms options!

  • --wrong or --bad Generating unverifiable certificates and VOMS proxies. This is done by generating a separate CA and VOMS server, and not copying their certificates into the trusted 'grid-security/certificates' or 'grid-security/vomsdir' directories.

  • --weird or --ugly Generating valid but weird certificates, which include dots, quotation marks and other unusual characters in their DN.

  • --env Prints the environment to be used for testing.

  • --clean All previously generated files and directories are removed.

  • --force Force the re-generation of the certificates. Implies --clean, but processes all other options as well.

  • --tar Generates a tarball, which can be copied to and installed on a test server to accept the test clients.

  • --rpm Generates an RPM, which can be copied to and installed on a test server to accept the test clients.

  • --system Copies the system files (certificates) to the test hierarchy.

  • --verbose Prints the executed commands.

  • --dryrun Does not execute the commands.

Files

  • <certdir>/ca CA related files

  • <certdir>/grid-security host or service certificates

  • <certdir>/grid-security/certificates CA certificates

  • <certdir>/grid-security/vomsdir VOMS certificates

  • <certdir>/home user or client certificates

-- AkosFrohner - 04 Dec 2007
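
What the --wrong option exercises, as an added example (not part of glite-test-certs or of the original page): a user certificate issued by a CA that was never copied into the trusted CApath directory must fail verification, while one issued by the trusted CA passes. The CA and user names and the flat directory layout are constructed for this demo, and the openssl command is assumed to be installed.

```shell
#!/bin/sh
# Constructed demo: the subjects ("Test CA", "Rogue CA") and file names are
# assumptions, not what glite-test-certs itself generates.

make_ca() {    # $1 = file basename, $2 = CN of the self-signed CA
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/O=demo/CN=$2" \
        -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

make_user() {  # $1 = user basename (also used as CN), $2 = issuing CA basename
    openssl req -newkey rsa:2048 -nodes -subj "/O=demo/CN=$1" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null
    openssl x509 -req -in "$1.csr" -CA "$2.pem" -CAkey "$2.key" \
        -CAcreateserial -days 1 -out "$1.pem" 2>/dev/null
}

setup_demo() { # $1 = working directory; the shell stays in it afterwards
    mkdir -p "$1/certificates" && cd "$1" || return 1
    make_ca trusted-ca "Test CA"
    make_ca rogue-ca "Rogue CA"
    make_user good-user trusted-ca
    make_user bad-user rogue-ca
    # Only the trusted CA is installed in the CApath directory, under the
    # <subject-hash>.0 name that OpenSSL looks up. The rogue CA is left out,
    # which is what makes its certificates unverifiable.
    h=$(openssl x509 -in trusted-ca.pem -noout -hash)
    cp trusted-ca.pem "certificates/$h.0"
}

verify_user() { # $1 = certificate; status 0 only if it chains to the CApath
    openssl verify -CApath certificates "$1" >/dev/null 2>&1
}

run_demo() {   # returns 0 only if the good cert passes AND the bad one fails
    setup_demo "$(mktemp -d)" || return 1
    verify_user good-user.pem || return 1
    echo "good-user: accepted"
    verify_user bad-user.pem && return 1
    echo "bad-user: rejected (issuer not in CApath)"
}
```

Call run_demo to generate both chains in a temporary directory and print the outcome; a server under test should make the same accept/reject decision for the corresponding glite-test-certs files.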

Topic revision: r1 - 2007-12-05 - AkosFrohner
 