$value) { echo("
\n"); echo(" \n"); echo(" \"".$value[2]."\"\n"); echo(" \n"); echo("
\n"); } ?>
News
  1. A lecture "Interoperation between production grids using high-level environment" was given during Cracow Grid Workshop'10
  2. On SC2009 conference, an exhibition of Pionier, FZJ, EGEE/EGI and EPCC, between 17th and 19th November, will present how can Kepler environment be used to mix HPC and grid jobs and execute them in parallel
  3. Migrating Desktop tutorial is ported to our wiki. You can always navigate there for the latest version
Security

To increase security level:
  1. sign all plug-in libraries (using certificate signed by one of the X# Certificate Authorities, if it is possible)
  2. make all plug-in files (XML and libraries) available using https protocol which use TLS (SSL) protection

Jar signing

The security policy is still a matter of discussion of Integration Team, so there are no restrictive rules defining certificates that should be used for jar signing. To sign a jar, using existing certificate verified by one of X# CA, certificate (and private key) should be first exported into file of PKCS12 format, that can be use as java "keystore"


Exporting certificate

To export certificate OpenSSL toolkit can be used.
Command syntax:

openssl pkcs12 -export -chain
  • -inkey <private key file path>
  • -in <certificate file path>
  • -out <keystore user defined name>
  • -CApath /etc/grid-security/certificates/
  • -name <certificate alias>
(see open ssl documentation for details http://www.openssl.org/docs/ )

Syntax

Command syntax:

jarsigner -keystore <keystore user defined name>
  • -storetype PKCS12
  • -storepass <keystore passwd> <jar file name> <certificate alias>
See http://java.sun.com/j2se/1.4.2/docs/tooldocs/tools.html#security for detailed jarsigner tool description