cacl(1)                                                              cacl(1)

NAME
       cacl - Certificate Authority CLient, request a digital certificate
       and create a Globus user environment

SYNOPSIS
       /usr/local/apps/pki_apps/cacl

DESCRIPTION
       The cacl program is a user utility for requesting a digital
       certificate. The program creates a certificate request which is sent
       to a CA (Certificate Authority) for signing. The user is
       authenticated by the CA, which checks the account name and password
       in the request file against the account name and password in a
       password file. When a signed certificate is returned by the CA it is
       put into a .globus directory within the user's home directory. The
       matching private key for the certificate and a PKCS#12 version of
       the certificate are also put into the .globus directory.

       When you run the cacl program you will be prompted for your login
       password. The password, together with account information extracted
       from the /etc/passwd file, will be put into the certificate request.
       Next you will be prompted twice for a private key encryption
       password. This will be used to encrypt your private key, which will
       be stored in your .globus directory.

       After the CA has processed your request and returned your signed
       certificate, cacl will convert that certificate from PEM format into
       PKCS#12 format so that the certificate can be imported into a
       Netscape browser. The private key is contained within the PKCS#12
       certificate file; the key is encrypted with the same password used
       for the key file.

       When you have successfully run cacl you will find a .globus
       directory in your home directory. That directory will contain the
       following files:

       usercert.p12
              Your digital certificate and private key in a PKCS#12 format
              certificate

       usercert.pem
              Your digital certificate, signed by the CA daemon

       userkey.pem
              Your private key matching the public key contained in your
              usercert.pem

ERRORS
       Before issuing a new certificate the CA will check to see if a valid
       certificate already exists for the user; if such a certificate
       exists a new certificate will not be issued.

       When the cacl program is run it checks to see if a .globus directory
       exists in the user's home directory. If a .globus directory exists
       it is moved to .globus.old. If both a .globus and a .globus.old
       exist, cacl will quit. Cacl can be rerun after the .globus directory
       has been renamed or removed.
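
EXAMPLES
       The following shell functions are an added example and are not part
       of cacl. They predict which of the cases described under ERRORS
       applies to a home directory, and list private-key-bearing files in
       .globus and the rotated .globus.old that group or other users can
       access. The function names and the owner-only permission policy are
       assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of cacl. Directory and file names come from the
# man page; the owner-only permission policy is an assumption of this example.

# Print what cacl will do for the given home directory (default: $HOME):
#   fresh   - no .globus exists, cacl creates one
#   rotate  - .globus exists, cacl moves it to .globus.old
#   blocked - both exist, cacl quits until .globus is renamed or removed
cacl_preflight() {
    home=${1:-$HOME}
    if [ -e "$home/.globus" ] && [ -e "$home/.globus.old" ]; then
        echo blocked
    elif [ -e "$home/.globus" ]; then
        echo rotate
    else
        echo fresh
    fi
}

# List key-bearing files, current and rotated, that group or other can access.
# Both userkey.pem and usercert.p12 contain the (encrypted) private key, and
# the copy moved to .globus.old stays on disk after a rerun.
exposed_key_files() {
    home=${1:-$HOME}
    for dir in "$home/.globus" "$home/.globus.old"; do
        for f in "$dir/userkey.pem" "$dir/usercert.p12"; do
            [ -f "$f" ] || continue
            # Characters 5-10 of the ls mode string are the group/other bits.
            bits=$(ls -ld "$f" | cut -c5-10)
            [ "$bits" = "------" ] || echo "$f"
        done
    done
}
```

       Source the file, then call cacl_preflight before running cacl and
       exposed_key_files afterwards; both take an optional home directory.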