Provided by: globus-simple-ca_5.0-1_all bug


       grid-ca-create - Create a CA to sign certificates for use on a grid


       grid-ca-create [ -h | -help | -usage | -version | -versions ] [ -openssl-help]

       grid-ca-create [ OPTIONS ] [ OPENSSL-OPTIONS ]


       The grid-ca-create program creates a self-signed CA certificate and related files needed
       to use the CA with other Globus tools. The grid-ca-create program prompts for information
       to use to generate the CA certificate, but the prompts may be avoided by using the command
       line options.

       By default, the grid-ca-create program creates the self-signed CA certificate, installs it
       on the current machine in its trusted certificate directory, and creates a source tarball
       which can be used to generate an RPM package for the CA. If the RPM package is installed
       on a machine, users on that machine can create certificate requests for user, host, or
       service identity certificates to be signed by the CA certificate generated by running

       If run as a privileged user, the grid-ca-create program creates the CA certificate and
       support files in the CA certificate and signing policy are installed in the
       /etc/grid-security directory. Otherwise, the files are


       The full set of command-line options to grid-ca-create follows. In addition to these,
       unknown options will be passed to the openssl command when creating the self-signed

       -help, -h, -usage
           Display the command-line options to grid-ca-create and exit.

       -version, -versions
           Display the version number of the grid-ca-create command. The second form includes
           more details.

           Overwite existing CA in the destination directory if one exists.

       -bits BITS
           Create a CA certificate with a BITS long RSA key [4096]

           Run in non-interactive mode. This will choose defaults for parameters or those
           specified on the command line without prompting. This option also implies -force.

       -dir DIRECTORY
           Create the CA in DIRECTORY. The DIRECTORY must not exist prior to running

       -subject SUBJECT
           Use SUBJECT as the subject name of the self-signed CA to create. If this is not
           specified on the command-line, grid-ca-create will default to using the subject name
           cn=Globus Simple CA, ou=$HOSTNAME, ou=GlobusTest, o=Grid.

       -email ADDRESS
           Use ADDRESS as the email address of the CA. The default instructions generated by
           grid-ca-create tell users to mail the certificate request to this address. If this is
           not specified on the command-line, grid-ca-create will default to $LOGNAME@$HOSTNAME.

       -days DAYS
           Set the default lifetime of the self-signed CA certificate to DAYS. If not set, the
           grid-ca-create program will default to 1825 days (5 years).

       -pass PASSWORD
           Use the string PASSWORD to protect the CA’s private key. This is useful for automating
           Simple CA, but may make it easier to compromise the CA if someone obtains a shell on
           the machine storing the CA’s private key.

           Disable building a source tarball for distributing the CA’s public information to
           other machines. The source tarball can be created later by using the grid-ca-package

           Create a binary GPT package containing the new CA’s public information. The package
           will be created in the current working directory. This package can be deployed by with
           the gpt-install tool.

           Create a binary GPT package containing the new CA’s public information that is
           backward-compatible with GPT 3.2. Packages created in this manner will work with
           Globus Toolkit 2.0.0-5.0.x.


       Create a simple CA in $HOME/SimpleCA:

           % grid-ca-create -noint -dir $HOME/SimpleCA

           C e r t i f i c a t e    A u t h o r i t y    S e t u p

           This script will setup a Certificate Authority for signing Globus
           users certificates.  It will also generate a simple CA package
           that can be distributed to the users of the CA.

           The CA information about the certificates it distributes will
           be kept in:


           The unique subject name for this CA is:

           cn=Globus Simple CA,, ou=GlobusTest, o=Grid

           Insufficient permissions to install CA into the trusted certifiicate
           directory (tried ${sysconfdir}/grid-security/certificates and
           Creating RPM source tarball... done


       The following environment variables affect the execution of grid-ca-create:

           Non-standard installation path of the Grid Community Toolkit.


       grid-cert-request(1), grid-ca-sign(1), grid-default-ca(1), grid-ca-package(1)


       Copyright © 1999-2014 University of Chicago