Changes between Version 14 and Version 15 of FeddConfig
- Timestamp:
- Dec 22, 2008 3:33:48 PM (15 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
FeddConfig
v14 v15 32 32 global fedid -> access attribute mapping database. See the [FeddDatabases databases section] for information on the format and generation methods. 33 33 '''cert_file''':: 34 the file containing the X509 certificate and private keyfor this34 the file containing the [FeddConfig#MakingaFedidCertificate certificate and private key] for this 35 35 server, in pem format. 36 36 '''cert_pwd''':: … … 201 201 '''tcl_splitter''':: 202 202 Script to do the splitting. Default is `/usr/testbed/lib/ns2ir/parse.tcl`. Most Emulabs will not include a `parse.tcl` capable of doing the split. 203 204 == Making a Fedid Certificate == 205 206 Each `fedd` and client encodes an [FeddAbout#GlobalIdentifiers:Fedids fedid] as an X.509 certificate. The `openssl` command installed on most Unices can create such a certificate. The simplest things to do is the following: 207 208 {{{ 209 $ /usr/bin/openssl req -text -newkey rsa:1024 -keyout key.pem -nodes -subj /CN=users.isi.deterlab.net -x509 -days 3650 -out cert.pem 210 $ cat key.pem cert.pem > fedd.pem 211 }}} 212 213 The resulting `fedd.pem` file contains an unencrypted private key and certificate. To put a password on the key, see the `req` manual page.