meetings|ESGFP_OSG_PKI

Stephen Pascoe edited this page Apr 9, 2014 · 3 revisions
Wiki Reorganisation
This page has been classified for reorganisation. It has been given the category REVISE.
This page contains useful content but needs revision. It may contain out of date or inaccurate content.

August 22nd 2013

Meeting Aim: Discuss OSG PKI for use in ESGF.

The main idea is that we can streamline the certificate generation process by having a third-party (OSG) CA generate signed certs for ESGF nodes. An ESGF Virtual Organization (VO) already exists, for which Alex Sim is currently the RA.

The certificates generated from the submitted CSRs are signed by DigiCert, which is valid for both host certificates and SSL certificates. The OSG requires that the RA be authoritative over a set of domains.

TASK: (Gavin) Create a list of all the domains [and anticipated domains] across all the nodes. Hope to leverage the new esgf-node-manager for this, as well as a collective signup sheet (wiki).

TASK: (Alex) Add Gavin as RA for the ESGF Virtual Organization.

There is one issue that we need to address: all new certs will be generated with CA certs that use the SHA2 algorithm.

TASK: (ALL) Create a CA that uses the SHA2 algorithm to generate certs for nodes, and test all node security functionality.

TASK: (Alex) Send Gavin information on OSG, including new base DN to use in installer.
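
For the SHA2 test task above, one way to build a throwaway SHA-256 test CA with the `openssl` command line, sign a host certificate from a CSR, and confirm the signature algorithm. This is an added example, not part of the meeting notes or the ESGF installer; the subject DNs, host name and file names are constructed for illustration.

```shell
#!/bin/sh
# Throwaway SHA-256 test CA plus one host certificate, for compatibility testing.
# All DNs, host names and file names here are constructed for this example.

make_sha2_test_chain() {
    dir=$1
    # Self-signed test CA; -sha256 selects a SHA-2 digest for the signature.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/O=Example Test/CN=Example SHA2 Test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    # Host key and CSR, as a node administrator would submit for signing.
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/O=Example Test/CN=node.example.org" \
        -keyout "$dir/host.key" -out "$dir/host.csr" 2>/dev/null || return 1
    # The test CA signs the CSR, again with SHA-256.
    openssl x509 -req -in "$dir/host.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -sha256 -days 30 -out "$dir/host.pem" 2>/dev/null || return 1
}

# Print the signature algorithm recorded in a PEM certificate.
sig_alg() {
    openssl x509 -in "$1" -noout -text |
        awk -F': ' '/Signature Algorithm/ {print $2; exit}'
}

# Succeed only if the certificate ($2) chains to the CA file ($1).
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Stand-alone run: build the chain in a temp directory and report on it.
tmp=$(mktemp -d)
if make_sha2_test_chain "$tmp"; then
    echo "CA signature algorithm:   $(sig_alg "$tmp/ca.pem")"
    echo "Host signature algorithm: $(sig_alg "$tmp/host.pem")"
    if chain_ok "$tmp/ca.pem" "$tmp/host.pem"; then
        echo "Host cert chains to test CA"
    else
        echo "Chain verification FAILED"
    fi
fi
rm -rf "$tmp"
```

The resulting `ca.pem` and `host.pem` can then be installed on a test node to exercise the node's security functionality against SHA2-signed certificates.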