Testing of inCommon certificates
Fermilab's hosts and services are migrating to the new inCommon CA certificates.
We should test GWMS to make sure that all works OK and to be able to give suggestions to the users
Tanya sent a document to report the results of the testing:
I think the testing of GWMS should cover:
- Frontend, should be no different from picking a new certificate from the old CAs (xml config files and condor_mapfile should have the correct DN)
- Factory (same)
- CE here a new regular expression line near the end of /etc/condor/certs/condor_mapfile to map all the Fermilab hosts to STHING@daemon.opensciencegrid.org (like "GSI "^\/DC\=org\/DC\=opensciencegrid\/O=Open Science Grid\/OU\=Services\/CN\=(host\/)?([A-Za-z0-9.\-]*)$" \firstname.lastname@example.org")
The regex should map all and only FNAL hosts and extract the hostname possibly.
Our subjects will start out with:
DC=org, DC=incommon, C=US/postalCode=60510-050, ST=IL,
L=Batavia/street=MS 105 WILSON AND KIRK RDS, O=Fermi Research Alliance,
You can get samples requesting certificates or checking w/ Joe Boyd or the security team.