Changes between Version 14 and Version 15 of FeddConfig


Ignore:
Timestamp:
Dec 22, 2008 3:33:48 PM (15 years ago)
Author:
faber
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • FeddConfig

    v14 v15  
    3232        global fedid -> access attribute mapping database.  See the [FeddDatabases databases section] for information on the format and generation methods.
    3333 '''cert_file'''::
    34         the file containing the X509 certificate and private key for this
     34        the file containing the [FeddConfig#MakingaFedidCertificate certificate and private key] for this
    3535        server, in pem format.
    3636 '''cert_pwd'''::
     
    201201 '''tcl_splitter'''::
    202202  Script to do the splitting.  Default is `/usr/testbed/lib/ns2ir/parse.tcl`.  Most Emulabs will not include a `parse.tcl` capable of doing the split.
     203
     204== Making a Fedid Certificate ==
     205
     206Each `fedd` and client encodes an [FeddAbout#GlobalIdentifiers:Fedids fedid] as an X.509 certificate.  The `openssl` command installed on most Unices can create such a certificate.  The simplest things to do is the following:
     207
     208{{{
     209$ /usr/bin/openssl req -text -newkey rsa:1024 -keyout key.pem -nodes -subj /CN=users.isi.deterlab.net -x509 -days 3650 -out cert.pem
     210$ cat key.pem cert.pem > fedd.pem
     211}}}
     212
     213The resulting `fedd.pem` file contains an unencrypted private key and certificate.  To put a password on the key, see the `req` manual page.