etoken-ca-client

NAME

etoken-ca-client - MyProxy certificate_issuer_program for etoken-ca-server

SYNOPSIS

etoken-ca-client

DESCRIPTION

Client for etoken-ca-server, which can be used as a "certificate_issuer_program" for a MyProxy server. All configuration is done via sysconfig variables set in /etc/sysconfig/etoken-ca. Together with the server, this provides full privilege separation between the MyProxy server and the PIN code that unlocks the eToken containing the private key for the CA.

The client expects input on STDIN (from a MyProxy server) consisting of a list of key-value pairs followed by a PEM-encoded certificate signing request. The client stores this input in a temporary file in /var/cache/etoken-ca/request and then creates a symbolic link in that same directory. The symbolic link triggers etoken-ca-server to read and process the file and produce a certificate. Upon success, etoken-ca-server creates a symlink to the new file, again in the same directory. The client then writes the output to STDOUT, or produces an error on STDERR.
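The handoff described above, as an added Python example that is not the etoken-ca code itself: the client side writes the request privately and publishes it with a symlink, and the receiving side accepts a link only if it resolves to a regular file inside the exchange directory. The key=value line syntax, the key names in the sample, the ".ready" link suffix and all function names are assumptions made for illustration; the man page does not specify them.

```python
import os
import stat
import tempfile

PEM_BEGIN = "-----BEGIN CERTIFICATE REQUEST-----"
PEM_END = "-----END CERTIFICATE REQUEST-----"
# Constructed sample input; key names and CSR body are placeholders.
SAMPLE = ("username=alice\nlifetime=43200\n"
          + PEM_BEGIN + "\nY29uc3RydWN0ZWQ=\n" + PEM_END + "\n")

def split_request(text):
    """Split issuer input into (key-value dict, PEM CSR); 'key=value' is assumed."""
    start, end = text.find(PEM_BEGIN), text.find(PEM_END)
    if start < 0 or end < start:
        raise ValueError("no complete PEM CSR in input")
    pairs = {}
    for line in text[:start].splitlines():
        if not line.strip():
            continue
        key, sep, value = line.partition("=")
        if not sep or not key.strip():
            raise ValueError("malformed key-value line: %r" % line)
        pairs[key.strip()] = value.strip()
    return pairs, text[start:end + len(PEM_END)] + "\n"

def submit(spool, text):
    """Client side: store the request privately, then publish it with a symlink."""
    split_request(text)  # reject malformed input before it reaches the spool
    fd, path = tempfile.mkstemp(prefix="req.", dir=spool)  # O_EXCL, mode 0600
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
        fh.flush()
        os.fsync(fh.fileno())
    link = path + ".ready"  # hypothetical naming, not from the man page
    os.symlink(os.path.basename(path), link)  # appears only once the file is complete
    return link

def resolve_in_spool(spool, link):
    """Receiving side: accept a link only if it names a regular file in the spool."""
    root = os.path.realpath(spool)
    target = os.path.realpath(link)
    if os.path.dirname(target) != root:
        raise PermissionError("symlink target is outside the spool directory")
    if not stat.S_ISREG(os.lstat(target).st_mode):
        raise PermissionError("symlink target is not a regular file")
    return target
```

Because the link is created only after the file has been written and synced, a reader that acts on links never sees a partially written request.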

FILES

/etc/sysconfig/etoken-ca

Configuration file for etoken-ca-client, etoken-ca-server and revoke-cert.

/var/cache/etoken-ca/request

Directory for exchanging request and certificate between client and server.

EXIT VALUES

0

Success.

1

Failure.

BUGS

Please report any errors to the Nikhef Grid Middleware Security Team <grid-mw-security-support@nikhef.nl>.

SEE ALSO

etoken-ca-server(8), etoken-ca(5), revoke-cert(8), myproxy-server.config(5)

AUTHORS

Written by Mischa Sallé

COPYRIGHT

Copyright © 2016- FOM-Nikhef