C
- Certificate Authority (CA)
An entity that issues certificates.
- CA Certificate
The CA's certificate. This certificate is used to verify the signature on certificates issued by the CA. GSI typically stores a given CA certificate in /etc/grid-security/certificates/<hash>.0, where <hash> is the hash code of the CA identity.
- CA Signing Policy
The CA signing policy is used to place constraints on the information you trust a given CA to bind to public keys. Specifically, it constrains the identities a CA is trusted to assert in a certificate. In GSI the signing policy for a given CA can typically be found in /etc/grid-security/certificates/<hash>.signing_policy, where <hash> is the hash code of the CA identity. For more information see [add link].
- certificate
A public key and information about the certificate owner bound together by the digital signature of a CA. In the case of a CA certificate, the certificate is self-signed, i.e. it was signed using its own private key.
- Certificate Revocation List (CRL)
A list of revoked certificates generated by the CA that originally issued them. When using GSI this list is typically found in /etc/grid-security/certificates/<hash>.r0, where <hash> is the hash code of the CA identity.
- certificate subject
An identifier for the certificate owner, e.g. "/DC=org/DC=doegrids/OU=People/CN=John Doe 123456". The subject is part of the information the CA binds to a public key when creating a certificate.
- credentials
The combination of a certificate and the matching private key.
E
G
- GAA Configuration File
A file that configures the Generic Authorization and Access control (GAA) libraries. When using GSI this file is typically found in /etc/grid-security/gsi-gaa.conf.
- grid map file
A file containing entries mapping certificate subjects to local user names. This file can also serve as an access control list for GSI-enabled services and is typically found in /etc/grid-security/grid-mapfile. For more information see the Gridmap file.
- grid security directory
The directory containing GSI configuration files such as the GSI authorization callout configuration and GAA configuration files. Typically this directory is /etc/grid-security. For more information see Grid security directory.
- GSI authorization callout configuration file
A file that configures authorization callouts to be used for mapping and authorization in GSI-enabled services. When using GSI this file is typically found in /etc/grid-security/gsi-authz.conf.
H
- host certificate
An EEC belonging to a host. When using GSI this certificate is typically stored in /etc/grid-security/hostcert.pem. For more information on possible host certificate locations see the Credentials.
- host credentials
The combination of a host certificate and its corresponding private key.
P
- private key
The private part of a key pair. Depending on the type of certificate the key corresponds to, it may typically be found in $HOME/.globus/userkey.pem (for user certificates), /etc/grid-security/hostkey.pem (for host certificates) or /etc/grid-security/<service>/<service>key.pem (for service certificates). For more information on possible private key locations see the Credentials.
- proxy certificate
A short-lived certificate issued using an EEC. A proxy certificate typically has the same effective subject as the EEC that issued it and can thus be used in its stead. GSI uses proxy certificates for single sign-on and delegation of rights to other entities.
- proxy credentials
The combination of a proxy certificate and its corresponding private key. GSI typically stores proxy credentials in /tmp/x509up_u<uid>, where <uid> is the user id of the proxy owner.
- public key
The public part of a key pair used for cryptographic operations (e.g. signing, encrypting).
S
- service certificate
An EEC for a specific service (e.g. FTP or LDAP). When using GSI this certificate is typically stored in /etc/grid-security/<service>/<service>cert.pem. For more information on possible service certificate locations see the Credentials.
- service credentials
The combination of a service certificate and its corresponding private key.
T
- transport-level security
Uses transport-level security (TLS) mechanisms.
- trusted CAs directory
The directory containing the CA certificates and signing policy files of the CAs trusted by GSI. Typically this directory is /etc/grid-security/certificates. For more information see Grid security directory.
U
- user certificate
An EEC belonging to a user. When using GSI this certificate is typically stored in $HOME/.globus/usercert.pem. For more information on possible user certificate locations see Credentials.
- user credentials
The combination of a user certificate and its corresponding private key.