60 | | * GT4 unlike other software packages is made directly to target location (<code>$GLOBUS_LOCATION</code>) |
61 | | * If you omit <code>gridftp</code> for <code>make</code> the entire Globus Toolkit will be build what can take several hours to complete. |
62 | | * during <code>make install</code> phase Globus configuration will be initialized |
63 | | * You can also choose to build GridFTP server or client tools be specifying <code>globus_gridftp_server</code> or <code>globus-data-management-client</code> respectively. |
| 60 | * GT4 unlike other software packages is made directly to target location (`$GLOBUS_LOCATION`) |
| 61 | * If you omit `gridftp` for `make` the entire Globus Toolkit will be build what can take several hours to complete. |
| 62 | * during `make install` phase Globus configuration will be initialized |
| 63 | * You can also choose to build GridFTP server or client tools be specifying `globus_gridftp_server` or `globus-data-management-client` respectively. |
86 | | *configure Globus (and thus GridFTP daemon) to trust a particular set of CAs (Certificate Authorities), i.e. place certificates of trusted CAs into designated directory - CA is trusted only if its CA certificate exists with the appropriate name in an appropriate directory. Moreover, for pre-ws services (including GridFTP), signing policy file must exist in the same location as CA certificate. In other words, one needs two files to trust given CA: |
87 | | :* <code>cert_hash.0</code> - the trusted CA certificate and |
88 | | :* <code>cert_hash.signing_policy</code> - the signing policy. |
89 | | :Globus services and tools looks for that directory in following locations: |
90 | | :* the value of <code>$X509_CERT_DIR</code> environment variable if it is set and the directory exists, |
91 | | :* otherwise, in <code>$HOME/.globus/certificates</code> if it exists, |
92 | | :* otherwise, in <code>/etc/grid-security/certificates</code> if it exists, |
93 | | :* otherwise, in <code>$GLOBUS_LOCATION/share/certificates</code> if it exists. |
94 | | |
95 | | {{Note}} We suggest to use <code>/etc/grid-security/certificates</code> as system wide trusted CAs directory, but remember that <code>$X509_CERT_DIR</code> and <code>$HOME/.globus/certificates</code> have higher priority. |
96 | | |
97 | | The "cert_hash.0", i.e. certificate of the CA, is provided by CA, usually with appropriate hash name. Hash name consists of 8 hex-digits and suffix ".0" (<code>e. g. 8a661490.0 </code>). Valid hash can be obtained with following command (available in <code>$GLOBUS_LOCATION/bin/)</code>: |
98 | | |
| 91 | * configure Globus (and thus GridFTP daemon) to trust a particular set of CAs (Certificate Authorities), i.e. place certificates of trusted CAs into designated directory - CA is trusted only if its CA certificate exists with the appropriate name in an appropriate directory. Moreover, for pre-ws services (including GridFTP), signing policy file must exist in the same location as CA certificate. In other words, one needs two files to trust given CA: |
| 92 | * `cert_hash.0` - the trusted CA certificate and |
| 93 | * `cert_hash.signing_policy` - the signing policy. |
| 94 | Globus services and tools looks for that directory in following locations: |
| 95 | * the value of `$X509_CERT_DIR` environment variable if it is set and the directory exists, |
| 96 | * otherwise, in `$HOME/.globus/certificates` if it exists, |
| 97 | * otherwise, in `/etc/grid-security/certificates` if it exists, |
| 98 | * otherwise, in `$GLOBUS_LOCATION/share/certificates` if it exists. |
| 99 | |
| 100 | '''Note:''' We suggest to use `/etc/grid-security/certificates` as system wide trusted CAs directory, remember that `$X509_CERT_DIR` and `$HOME/.globus/certificates` have higher priority. |
| 101 | |
| 102 | The `cert_hash.0`, i.e. certificate of the CA, is provided by CA, usually with appropriate hash name. Hash name consists of 8 hex-digits and suffix ".0" (e.g. `8a661490.0`). Valid hash can be obtained with following command (available in `$GLOBUS_LOCATION/bin/`): |
| 103 | {{{ |
| 104 | #!div style="font-size: 90%" |
| 105 | {{{#!sh |