Note: This web site is only kept up to date for OSG Software 1.2 (VDT 2.0.0). If you are looking for information for the most recent release, the RPM-based OSG Software 3.0, please see the OSG documentation web site.
VDT comes with a set of files for well-known CAs (Certificate Authorities). More specifically, these files are public keys and signing policies for various CAs. Having public keys for certain CAs installed in an appropriate location (see below) allows you to authenticate against remote hosts and services certified by these CAs.
As of VDT 1.11.0, the VDT gives the user an option to install CA files into any directory. Common installation directories are:
/etc/grid-security/certificates (if user has access to these directories)
$VDT_LOCATION/globus/share/certificates
/nfs/certificates (to share the certificates on NFS to worker nodes)
How do you know which one to choose?
/etc/grid-security/certificates. Note that this option will only be available to users installing as "root".
/etc/grid-security then you should choose the 'local' option.
/etc/grid-security/certificates (e.g. by a system administrator) and would like to use them, you will need to create a symlink from $VDT_LOCATION/globus/TRUSTED_CA pointing at your certificates.
More information on installing the certificates
When the CA Certificates are installed, the VDT does the following as part of the install process:
$VDT_LOCATION/globus/TRUSTED_CA to point to the true location of the certificates directory (based on user's choice discussed above)
X509_CERT_DIR environment variable in the $VDT_LOCATION/setup.*sh files to point to $VDT_LOCATION/globus/TRUSTED_CA. This ensures that Globus components always use the trusted CAs' files from the VDT installation, provided, of course, that the user sources the corresponding setup.*sh file before using VDT components (as any good user should).
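The layout described above can be audited after installation. The shell function below is an added example, not part of the VDT: the name check_trusted_ca and its output format are assumptions, and the world-writable and empty-directory checks go beyond what the installer itself does.

```shell
#!/bin/sh
# Added example: audit the trust-store layout this page describes.
# Usage: check_trusted_ca "$VDT_LOCATION" "$X509_CERT_DIR"
# Returns 0 when every check passes, 1 otherwise.
check_trusted_ca() {
    vdt=$1
    certdir=$2
    link="$vdt/globus/TRUSTED_CA"
    rc=0

    # The installer creates TRUSTED_CA as a symlink to the chosen directory.
    if [ ! -L "$link" ]; then
        echo "FAIL: $link is not a symlink"
        return 1
    fi

    # Resolve it to the physical directory; a dangling link fails here.
    if ! target=$(cd -P "$link" 2>/dev/null && pwd); then
        echo "FAIL: $link does not resolve to a directory"
        return 1
    fi
    echo "OK:   $link -> $target"

    # setup.*sh should have pointed X509_CERT_DIR at the symlink.
    if [ "$certdir" != "$link" ]; then
        echo "FAIL: X509_CERT_DIR='$certdir', expected '$link'"
        rc=1
    fi

    # Anyone able to write into the directory can add a trusted CA.
    writable=$(find "$target" ! -type l -perm -0002 -print)
    if [ -n "$writable" ]; then
        echo "FAIL: world-writable entries in trust directory:"
        echo "$writable"
        rc=1
    fi

    # An empty directory means no remote host can be authenticated.
    if [ -z "$(ls -A "$target")" ]; then
        echo "FAIL: $target contains no CA files"
        rc=1
    fi

    return $rc
}
```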