Provided by: gridsite-clients_3.0.0~20180202git2fdbc6f-1build2_amd64 bug


       htproxyput,   htproxydestroy,  htproxytime,  htproxyunixtime,  htproxyrenew  -  GSI  proxy
       delegations and querying, using GridSite/gLite delegation API


       htproxyput, htproxydestroy, htproxytime, htproxyunixtime, htproxyrenew [options]  Service-

       htproxyinfo [options]


       htproxyput  is  a  client  to  perform  GSI  proxy  delegations  using  the GridSite/gLite
       delegation  Web  Service  portType.  The  gridsite-delegation(8)  CGI   program   is   the
       complementary server-side implementation.

       htproxyinfo  examines  a local copy of a GSI proxy, and outputs a summary of its X.509 and
       VOMS contents.


              Turn on debugging information.

       --delegation-id <ID>
              Explicitly specify the Delegation ID to use.

              Instead of delegating a proxy, delete the proxy from  the  service's  proxy  cache.
              Calling the program as htproxydestroy has the same effect.

       --time Instead  of  delegating  a  proxy,  report the expiration time of the proxy, in the
              local time of the client. Calling the program as htproxytime has the same effect.

              Instead of delegating a proxy, report the expiration time  of  the  proxy,  as  the
              number   of   seconds  since  00:00:00  1970-01-01  UTC.  Calling  the  program  as
              htproxyunixtime has the same effect.

              Delegate an updated version of an existing proxy. The Delegation ID must  be  given
              when using this option. Calling the program as htproxyrenew has the same effect.

       --info Examine a local proxy file, and output a summary of the X.509 certificates and VOMS
              attributes it contains. Calling the program as htproxyinfo has the same effect.

       --cert <X.509 cert path>  and  --key <X.509 key path>
              Path to the PEM-encoded X.509 or GSI Proxy user certificate  and  key  to  use  for
              HTTPS  connections,  instead of "anonymous mode." If only one of --key or --cert is
              given, then that will be tried for both. If neither is given,  then  the  following
              order  of  precedence  is used: the file name held by the variable X509_USER_PROXY;
              the file /tmp/x509up_uID (with Unix UID equal  to  ID);  the  file  names  held  by
              X509_USER_CERT    /    X509_USER_KEY;    the   files   ~/.globus/usercert.pem   and
              ~/.globus/userkey.pem (where ~/ is the home directory of the user.)

       --capath <X.509 CA root certs directory or file>
              Path to the PEM-encoded CA root certificates to use when verifying remote  servers'
              host  certificates  in  HTTPS  connections.  Ideally  this should be a directory of
              hash.0 files as described in the OpenSSL verify(1) man page, but a file may be used
              instead.  If  --capath  is  not  given,  the  value  of  the  environment  variable
              X509_CERT_DIR  will  be  tried.   If   this   is   not   valid,   then   /etc/grid-
              security/certificates will be used.

              Do  not use CA root certificates to verify remote servers' host certificates.  This
              is useful for testing sites before their certificate is set up properly, but leaves
              you  vulnerable  to  "man in the middle" attacks by hostile servers masquerading as
              your target.


              Default GSI Proxy file for Unix UID equal to ID.

              Default location for trusted Certification Authority root certificates to use  when
              checking server certificates.

              Prior  to  7.9.8,  the  underlying  curl  library  did  not  support  the  CA  root
              certificates directory.  If built with an old version of libcurl,  htproxyput  will
              concatenate the certificates in the CA roots directory into a unique temporary file
              and use that.


              Holds directory to  search  for  Certification  Authority  root  certificates  when
              verifying  server  certificates.  (Tried  if  --capath  is not given on the command

              Holds file name of a GSI Proxy to use as user  certificate.  (Tried  if  --cert  or
              --key are not given on the command line.)

       X509_USER_CERT and X509_USER_KEY
              Holds file name of X.509 user certificate and key. (Tried if X509_USER_PROXY is not


       0 is returned on complete success, and non-zero on error.


       Better error recovery.


       Andrew McNab <>

       htproxyput is part of GridSite:


       htcp(1), gridsite-delegation(8)