Note: This version of the VDT (1.11.0) is no longer supported. Feel free to look through the documentation and install it, but we cannot guarantee support for it. The current stable release is 2.0.0.
VDT comes with a set of files for well-known CAs (Certificate Authorities). More specifically, these files are public keys and signing policies for various CAs. Having public keys for certain CAs installed in an appropriate location (see below) allows you to authenticate against remote hosts and services certified by these CAs.
As of VDT 1.11.0, the VDT gives the user an option to install CA files into any directory. Common installation directories are:
/etc/grid-security/certificates (if user has access to these directories)
$VDT_LOCATION/globus/share/certificates
/nfs/certificates (to share the certificates on NFS to worker nodes)
How do you know which one to choose?
/etc/grid-security/certificates. Note that this option will only be available to users installing as "root".
/etc/grid-security then you should choose the 'local' option.
/etc/grid-security/certificates (e.g. by a system administrator) and would like to use them, you will need to create a symlink from $VDT_LOCATION/globus/TRUSTED_CA pointing at your certificates.
More information on installing the certificates
When the CA Certificates are installed, the VDT does the following as part of the install process:
$VDT_LOCATION/globus/TRUSTED_CA to point to the true location of the certificates directory (based on user's choice discussed above)
X509_CERT_DIR environment variable in the $VDT_LOCATION/setup.*sh files to point to $VDT_LOCATION/globus/TRUSTED_CA. This ensures that Globus components always use the trusted CAs' files from the VDT installation, provided, of course, that the user sources the corresponding setup.*sh file before using VDT components (as any good user should).
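The layout described above can be audited with a short shell check. This is an added example, not part of the VDT: check_trusted_ca is a hypothetical helper, and it assumes the Globus file naming <hash>.0 for a CA certificate and <hash>.signing_policy for its signing policy, which this page does not spell out.

```shell
#!/bin/sh
# Added example (not VDT code). check_trusted_ca is a hypothetical helper.
# Assumption: CA files follow the Globus naming <hash>.0 (certificate) and
# <hash>.signing_policy (signing policy); the page does not give file names.
#
# Usage: check_trusted_ca VDT_LOCATION X509_CERT_DIR
# Returns 0 = layout OK, 1 = TRUSTED_CA missing or not a symlink to a directory,
#         2 = X509_CERT_DIR does not resolve to the same directory,
#         3 = certificates directory is world-writable,
#         4 = no CA certificates, or a certificate without a signing policy.
check_trusted_ca() {
    vdt=$1
    cert_dir=$2
    link="$vdt/globus/TRUSTED_CA"

    # The installer makes TRUSTED_CA a symlink to the real certificates directory.
    if [ ! -L "$link" ] || [ ! -d "$link" ]; then
        echo "not a symlink to a directory: $link" >&2
        return 1
    fi
    real=$(cd -P "$link" && pwd -P) || return 1

    # setup.*sh points X509_CERT_DIR at TRUSTED_CA; compare resolved paths.
    if [ -z "$cert_dir" ] || [ ! -d "$cert_dir" ]; then
        echo "X509_CERT_DIR is unset or not a directory" >&2
        return 2
    fi
    seen=$(cd -P "$cert_dir" && pwd -P) || return 2
    if [ "$seen" != "$real" ]; then
        echo "X509_CERT_DIR resolves to $seen, expected $real" >&2
        return 2
    fi

    # Anyone who can write here can add a trusted CA.
    if [ -n "$(find "$real" -prune -perm -0002 -print)" ]; then
        echo "world-writable trust directory: $real" >&2
        return 3
    fi

    count=0
    for cert in "$real"/*.0; do
        [ -e "$cert" ] || continue
        count=$((count + 1))
        if [ ! -f "${cert%.0}.signing_policy" ]; then
            echo "no signing policy for $cert" >&2
            return 4
        fi
    done
    [ "$count" -gt 0 ] || { echo "no CA certificates in $real" >&2; return 4; }
    return 0
}
```

After sourcing the appropriate setup.*sh file, call it as check_trusted_ca "$VDT_LOCATION" "$X509_CERT_DIR" and inspect the exit status.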