By default, the grid-default-ca program displays a list of installed CA certificates and then prompts the user for which one to set as the default. If invoked with the -list command-line option, grid-default-ca will print the list and neither prompt for nor set the default CA. If invoked with the -ca option, it will not list or prompt, but set the default CA to the one with the hash that matches the CA-HASH argument to that option. If grid-default-ca is used to set the default CA, the caller of this program must have write permissions to the trusted certificate directory.
The grid-default-ca program sets the CA in one of the grid security directories. It looks in the directories named by the GRID_SECURITY_DIR and X509_CERT_DIR environment variables, /etc/grid-security, and $GLOBUS_LOCATION/share/certificates.
The full set of command-line options to grid-default-ca is:
-help, -h, -usage, -u
-version, -versions
-dir CA-DIRECTORY
-list
-ca CA-HASH
List the contents of the trusted certificate directory that contain the string Example:
% grid-default-ca | grep Example
15) cd1186ff - /DC=org/DC=Example/DC=Grid/CN=Example CA
Choose that CA as the default:
% grid-default-ca -ca cd1186ff
setting the default CA to: /DC=org/DC=Example/DC=Grid/CN=Example CA
linking /etc/grid-security/certificates/grid-security.conf.cd1186ff to
/etc/grid-security/certificates/grid-security.conf
linking /etc/grid-security/certificates/grid-host-ssl.conf.cd1186ff to
/etc/grid-security/certificates/grid-host-ssl.conf
linking /etc/grid-security/certificates/grid-user-ssl.conf.cd1186ff to
/etc/grid-security/certificates/grid-user-ssl.conf
...done.
The following environment variables affect the execution of grid-default-ca:
GRID_SECURITY_DIRECTORY
X509_CERT_DIR
GLOBUS_LOCATION
The grid-default-ca program displays CAs from all of the directories in its search list; however, grid-cert-request only uses the first which contains a grid security configuration.
The grid-default-ca program may display the same CA multiple times if it is located in multiple directories in its search path. However, it does not provide any information about which one would actually be used by the grid-cert-request command.
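Because grid-default-ca does not say which copy wins, the check below walks a list of directories in the order given and reports the first one that holds a configuration, the CA hash it points to, and any other directories that carry the same CA. It is an added example, not part of the Globus tools; the function names are hypothetical, and it assumes that "contains a grid security configuration" means the directory holds grid-security.conf. Pass the directories in the search order described above.

```shell
# Assumption: a directory "contains a grid security configuration" when it
# holds grid-security.conf, the link name shown in the sample output above.
# All function names are hypothetical.

# first_configured_dir DIR...: print the first DIR holding grid-security.conf
first_configured_dir() {
    for d in "$@"; do
        # an unset environment variable arrives as "" and is skipped
        if [ -n "$d" ] && [ -e "$d/grid-security.conf" ]; then
            printf '%s\n' "$d"; return 0
        fi
    done
    return 1
}

# default_ca_hash DIR: print the CA hash DIR/grid-security.conf resolves to
default_ca_hash() {
    conf="$1/grid-security.conf"
    if [ -L "$conf" ]; then                 # symbolic link: read its target
        target=$(readlink "$conf")
        printf '%s\n' "${target##*.}"; return 0
    fi
    for f in "$1"/grid-security.conf.*; do  # hard link or copy: compare contents
        if [ -f "$f" ] && cmp -s "$conf" "$f"; then
            printf '%s\n' "${f##*.}"; return 0
        fi
    done
    return 1
}

# dirs_with_ca HASH DIR...: print every DIR with a configuration for HASH
dirs_with_ca() {
    ca=$1; shift
    for d in "$@"; do
        [ -n "$d" ] && [ -e "$d/grid-security.conf.$ca" ] && printf '%s\n' "$d"
    done
    return 0
}

# report DIR...: effective directory, its default CA, and shadowed copies
report() {
    dir=$(first_configured_dir "$@") || { echo "no configured directory"; return 1; }
    ca=$(default_ca_hash "$dir") || { echo "$dir: default CA unresolved"; return 1; }
    echo "effective directory: $dir"
    echo "default CA hash:     $ca"
    dirs_with_ca "$ca" "$@" | grep -Fvx -- "$dir" | sed 's/^/also installed in:   /'
}

if [ "$#" -gt 0 ]; then report "$@"; else echo "usage: pass the search-list directories in order" >&2; fi
```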
University of Chicago