Security/ProxyFileFormat

From Globus

The Globus Toolkit expects files containing proxy credentials to be in the following format: a PEM-encoded proxy certificate, followed by its PEM-encoded private key, followed by one or more PEM-encoded certificates that form a chain from the proxy certificate to an end-entity certificate.

Each PEM block is the base64 encoding of the DER encoding of its content (a certificate, or a PKCS#1 RSAPrivateKey for the key), wrapped in header and footer lines.

The order of the PEM blocks in the file is significant. The proxy certificate must be first, followed by the corresponding private key, followed by the certificate chain starting from the next proxy and ending with the end-entity certificate.

For example:

-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIIBOQIBAAJBAMc0n9W1E1KjK6saavXXZ/QhLjJ/TK40uW29l/wduSrHWCu1e5Kr
6r0Oi/4KEjhk8+sgH7b0uqlNdSGZUDXdui0CAwEAAQJAVRr/ek7tHW4GtwgHUFah
2+PdF8fZG8f8vIy2hQix1jspIMC542bylMgtdNQaHX0dWYUhaI5QKc6UXPYZddIV
IQIhAOxVW8PKZEPYNpPT3rTk78Nm3jygQGbQQ9rlBtAJZeO1AiEA18hTfqLiwc4G
QlfjrGG4EslNY8zW08viAHYri2lR95kCIHMXrrTO371aklmzmIWn6EvU0O3dbP+k
9Sao2oR9zyzxAiATN+9fzwgdNMlP7V4Ew2tOmQlAg0T69iS538x/DTFUuQIgSa6K
GFZSjk6aA3Q7nD0y9WaamfIzalSKppElFbEk0Mc=
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICXjCCAcegAwIBAgIEavEQWjANBgkqhkiG9w0BAQQFADB5MQ0wCwYDVQQKEwRH
cmlkMRMwEQYDVQQLEwpHbG9idXNUZXN0MSYwJAYDVQQLEx1zaW1wbGVDQS1jYW52
YXMubmNzYS51aXVjLmVkdTEWMBQGA1UECxMNbmNzYS51aXVjLmVkdTETMBEGA1UE
AxMKSmltIEJhc25leTAeFw0wODAzMTgxNDMwNTJaFw0wODAzMTgxNTM1NTJaMIGO
MQ0wCwYDVQQKEwRHcmlkMRMwEQYDVQQLEwpHbG9idXNUZXN0MSYwJAYDVQQLEx1z
aW1wbGVDQS1jYW52YXMubmNzYS51aXVjLmVkdTEWMBQGA1UECxMNbmNzYS51aXVj
LmVkdTETMBEGA1UEAxMKSmltIEJhc25leTETMBEGA1UEAxMKMTc5NDE4MzI1ODBc
MA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDA6ypSLoaTzE5K0agRfGOriDboI92RCWza
fIInh24vMR9dwbwqu7D1ZkBoSc0VmWhX7ONy6+z9UV7oewsXdDKtAgMBAAGjITAf
MB0GCCsGAQUFBwEOAQH/BA4wDDAKBggrBgEFBQcVATANBgkqhkiG9w0BAQQFAAOB
gQA3aUG2Ej5KGcfCLrKOVr9DeVPVSufPn92jAICek/kiiv4rwJGoroQYyPzYPd4/
uPIXbQ9bG080zt37eMmAZrwDfieTisDRuTNweX4y23tlxN0Ob2VQ6i11Uc7E01NC
la7dZEFMQAvG1g5mL7qrmXgZE6w7crS3lisF9qz6R6m82Q==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----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=
-----END CERTIFICATE-----

The example above contains:

  • RFC 3820 proxy certificate with Subject: O=Grid, OU=GlobusTest, OU=simpleCA-canvas.ncsa.uiuc.edu, OU=ncsa.uiuc.edu, CN=Jim Basney, CN=1794183258, CN=609521204, CN=1403297374
  • private key corresponding to the above proxy certificate
  • RFC 3820 proxy certificate with Subject: O=Grid, OU=GlobusTest, OU=simpleCA-canvas.ncsa.uiuc.edu, OU=ncsa.uiuc.edu, CN=Jim Basney, CN=1794183258, CN=609521204
  • RFC 3820 proxy certificate with Subject: O=Grid, OU=GlobusTest, OU=simpleCA-canvas.ncsa.uiuc.edu, OU=ncsa.uiuc.edu, CN=Jim Basney, CN=1794183258
  • RFC 3280 end entity certificate with Subject: O=Grid, OU=GlobusTest, OU=simpleCA-canvas.ncsa.uiuc.edu, OU=ncsa.uiuc.edu, CN=Jim Basney
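
The block order described above can be checked mechanically before a file is handed to a tool. The following is an added example, not Globus Toolkit code: the function names are hypothetical, the sample blocks are constructed placeholders rather than real certificates or keys, and it checks layout only, not signatures or proxy extensions.

```python
import base64
import binascii
import re

# One PEM block: header label, base64 body, footer with the same label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def parse_pem_blocks(text):
    """Return [(label, der_bytes), ...] in file order."""
    blocks = []
    for label, body in PEM_BLOCK.findall(text):
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except binascii.Error as exc:
            raise ValueError(f"bad base64 in {label} block") from exc
        blocks.append((label, der))
    return blocks

def check_proxy_layout(text):
    """Return a list of layout problems; an empty list means the order is valid."""
    blocks = parse_pem_blocks(text)
    labels = [label for label, _ in blocks]
    problems = []
    if not labels or labels[0] != "CERTIFICATE":
        problems.append("block 1 must be the proxy certificate")
    if len(labels) < 2 or labels[1] != "RSA PRIVATE KEY":  # PKCS#1 key, per the page
        problems.append("block 2 must be the RSA private key")
    if not labels[2:]:
        problems.append("no chain certificates after the private key")
    for i, label in enumerate(labels[2:], start=3):
        if label != "CERTIFICATE":
            problems.append(f"block {i} is {label}, expected CERTIFICATE")
    for i, (label, der) in enumerate(blocks, start=1):
        if not der.startswith(b"\x30"):  # certificates and keys are DER SEQUENCEs
            problems.append(f"block {i} does not start with a DER SEQUENCE")
    return problems

def pem_block(label, der):
    # Builds a constructed sample block; the payload is a placeholder.
    body = base64.encodebytes(der).decode()
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n"

STUB = b"\x30\x03\x02\x01\x01"  # constructed: minimal DER SEQUENCE { INTEGER 1 }
GOOD = (pem_block("CERTIFICATE", STUB) + pem_block("RSA PRIVATE KEY", STUB)
        + pem_block("CERTIFICATE", STUB) + pem_block("CERTIFICATE", STUB))
KEY_FIRST = (pem_block("RSA PRIVATE KEY", STUB) + pem_block("CERTIFICATE", STUB)
             + pem_block("CERTIFICATE", STUB))
```

`check_proxy_layout(GOOD)` returns an empty list, while `KEY_FIRST` is reported as having the wrong block in positions 1 and 2.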

See also Security/ProxyCertTypes.
