The Open Science Grid (OSG) Private Key Infrastructure (PKI) Tools provide a convenient command-line interface for common X.509 certificate commands used by OSG site administrators. Formerly, this repository contained a collection of tools to request, approve, renew, and revoke certificates from the OSG Certificate Authority (CA). This repository contains tools for generating Certificate Signing Requests and for getting host or service certificates from the InCommon CA.
The osg-cert-request
tool generates certificate signing requests (CSRs)
that can be submitted to CAs (e.g. InCommon) for the purpose of obtaining host certificates.
Features:
- Bulk generation of CSRs (and associated keys)
- Easy addition of Subject Alternative Names (SANs) to each CSR
usage: osg-cert-request (-H HOSTNAME | -F HOSTFILE) -C COUNTRY -S STATE -L LOCALITY -O ORGANIZATION
[-h] [-a ALTNAMES] [-d WRITE_DIRECTORY] [-V]
See osg-cert-request -h for a description of the options.
The osg-incommon-cert-request
retrieves host or service certificates
from the InCommon CA. It requires a user account with InCommon
authorized to use the remote API, and a user certificate and key issued
by InCommon that is authorized to create host certificates for that account.
Features:
- Bulk retrieval of certificates & keys
- Easy addition of Subject Alternative Names (SANs) to each certificate
Usage: osg-incommon-cert-request [--debug] -u username -k pkey -c cert \
(-H hostname | -F hostfile) [-a altnames] [-d write_directory] \
[-O org,dept]
osg-incommon-cert-request [--debug] -u username -k pkey -c cert -t
osg-incommon-cert-request -h
osg-incommon-cert-request --version
See osg-incommon-cert-request -h or the man page for a description of the options.