Security Glossary

C

Certificate Authority (CA)

An entity that issues certificates.

CA Certificate

The CA's certificate. This certificate is used to verify the signature on certificates issued by the CA. GSI typically stores a given CA certificate in /etc/grid-security/certificates/<hash>.0, where <hash> is the hash code of the CA identity.

CA Signing Policy

The CA signing policy is used to place constraints on the information you trust a given CA to bind to public keys. Specifically, it constrains the identities a CA is trusted to assert in a certificate. In GSI the signing policy for a given CA can typically be found in /etc/grid-security/certificates/<hash>.signing_policy, where <hash> is the hash code of the CA identity. For more information see [add link].

certificate

A public key and information about the certificate owner, bound together by the digital signature of a CA. In the case of a CA certificate the certificate is self-signed, i.e. it was signed using its own private key.

Certificate Revocation List (CRL)

A list of revoked certificates generated by the CA that originally issued them. When using GSI this list is typically found in /etc/grid-security/certificates/<hash>.r0, where <hash> is the hash code of the CA identity.

certificate subject

An identifier for the certificate owner, e.g. "/DC=org/DC=doegrids/OU=People/CN=John Doe 123456". The subject is part of the information the CA binds to a public key when creating a certificate.

credentials

The combination of a certificate and the matching private key.

E

End Entity Certificate (EEC)

A certificate belonging to a non-CA entity, e.g. you, me or the computer on your desk.

G

GAA Configuration File

A file that configures the Generic Authorization and Access control (GAA) libraries. When using GSI this file is typically found in /etc/grid-security/gsi-gaa.conf.

grid map file

A file containing entries mapping certificate subjects to local user names. This file can also serve as an access control list for GSI enabled services and is typically found in /etc/grid-security/grid-mapfile. For more information see Gridmap file.

grid security directory

The directory containing GSI configuration files such as the GSI authorization callout configuration and GAA configuration files. Typically this directory is /etc/grid-security. For more information see Grid security directory.

GSI authorization callout configuration file

A file that configures authorization callouts to be used for mapping and authorization in GSI enabled services. When using GSI this file is typically found in /etc/grid-security/gsi-authz.conf.

H

host certificate

An EEC belonging to a host. When using GSI this certificate is typically stored in /etc/grid-security/hostcert.pem. For more information on possible host certificate locations see Credentials.

host credentials

The combination of a host certificate and its corresponding private key.

P

private key

The private part of a key pair. Depending on the type of certificate the key corresponds to, it is typically found in $HOME/.globus/userkey.pem (for user certificates), /etc/grid-security/hostkey.pem (for host certificates) or /etc/grid-security/<service>/<service>key.pem (for service certificates). For more information on possible private key locations see Credentials.

proxy certificate

A short-lived certificate issued using an EEC. A proxy certificate typically has the same effective subject as the EEC that issued it and can thus be used in its stead. GSI uses proxy certificates for single sign-on and delegation of rights to other entities.
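The grid map file and proxy certificate entries above describe how a presented subject is turned into a local user: the proxy's effective subject is that of the issuing EEC, and the grid-mapfile maps that subject to a user name (or rejects it). The following is an added example, not code from the glossary or from the GSI project; it assumes the grid-mapfile format is a double-quoted subject followed by comma-separated local user names, and that proxy subjects carry trailing /CN=proxy, /CN=limited proxy or /CN=<number> components (both are assumptions about the file and subject conventions).

```python
import re
import shlex
from typing import Dict, List, Optional

# Constructed sample grid-mapfile content (not from the glossary page).
# Assumed format: "<subject>" user1[,user2,...]; blank and '#' lines ignored.
SAMPLE_GRIDMAP = """
# constructed sample grid-mapfile
"/DC=org/DC=doegrids/OU=People/CN=John Doe 123456" jdoe
"/DC=org/DC=doegrids/OU=Services/CN=ftp/host.example.org" gridftp,ftpsvc
"""


def parse_gridmap(text: str) -> Dict[str, List[str]]:
    """Parse grid-mapfile text into {certificate subject: [local users]}."""
    mapping: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)  # honours the double-quoted subject
        if len(parts) != 2:
            raise ValueError(f"malformed grid-mapfile line: {raw!r}")
        subject, users = parts
        mapping[subject] = [u for u in users.split(",") if u]
    return mapping


# Assumption: proxy subjects end in one or more of these CN components.
_PROXY_CN = re.compile(r"/CN=(proxy|limited proxy|\d+)$")


def effective_subject(subject: str) -> str:
    """Strip trailing proxy CN components to recover the issuing EEC's subject."""
    while True:
        stripped = _PROXY_CN.sub("", subject)
        if stripped == subject:
            return subject
        subject = stripped


def map_subject(gridmap: Dict[str, List[str]], subject: str) -> Optional[str]:
    """Return the first local user for a subject, or None if it is not listed
    (the grid-mapfile acting as an access control list)."""
    users = gridmap.get(effective_subject(subject))
    return users[0] if users else None
```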

proxy credentials

The combination of a proxy certificate and its corresponding private key. GSI typically stores proxy credentials in /tmp/x509up_u<uid>, where <uid> is the user id of the proxy owner.

public key

The public part of a key pair used for cryptographic operations (e.g. signing, encrypting).

S

service certificate

An EEC for a specific service (e.g. FTP or LDAP). When using GSI this certificate is typically stored in /etc/grid-security/<service>/<service>cert.pem. For more information on possible service certificate locations see Credentials.

service credentials

The combination of a service certificate and its corresponding private key.

T

transport-level security

Security applied at the transport level, using Transport Layer Security (TLS) mechanisms to protect the connection itself.

trusted CAs directory

The directory containing the CA certificates and signing policy files of the CAs trusted by GSI. Typically this directory is /etc/grid-security/certificates. For more information see Grid security directory.

U

user certificate

An EEC belonging to a user. When using GSI this certificate is typically stored in $HOME/.globus/usercert.pem. For more information on possible user certificate locations see Credentials.

user credentials

The combination of a user certificate and its corresponding private key.