Administration
Create a Secure Globus Container
In order to run services securely over https, you must run a secure container. Running a secure container requires container credentials or a host certificate and corresponding private key. For more information on obtaining container credentials click here. Running a secure Globus container requires the creation of a security descriptor
which tells Globus how to configure the default container and this includes the specification of the host certificate and private key. Below we have provided an example security descriptor:
<?xml version="1.0" encoding="UTF-8"?> <securityConfig xmlns="http://www.globus.org"> <credential> <key-file value="PATH_TO_HOST_CREDENTIAL_PRIVATE_KEY"/> <cert-file value="PATH_TO_HOST_CREDENTIAL_CERTIFICATE"/> </credential> </securityConfig>
To start a secure Globus container, do the following:
- Using a new command prompt, change to the Globus location directory and start up Globus. (If globus is already running, be sure to terminate it before you proceed with starting another one.)
%> cd %GLOBUS_LOCATION%\bin
%> globus-start-container.bat -containerDesc ..\..\certificates\security-descriptor.xml
If the command completes successfully, you should see the following output:
Starting SOAP server at: https://127.0.0.1:8443/wsrf/services/ With the following services: [1]: https://127.0.0.1:8443/wsrf/services/AdminService [2]: https://127.0.0.1:8443/wsrf/services/AuthzCalloutTestService [3]: https://127.0.0.1:8443/wsrf/services/ContainerRegistryEntryService [4]: https://127.0.0.1:8443/wsrf/services/ContainerRegistryService [5]: https://127.0.0.1:8443/wsrf/services/CounterService [6]: https://127.0.0.1:8443/wsrf/services/ManagementService [7]: https://127.0.0.1:8443/wsrf/services/NotificationConsumerFactoryService [8]: https://127.0.0.1:8443/wsrf/services/NotificationConsumerService [9]: https://127.0.0.1:8443/wsrf/services/NotificationTestService [10]: https://127.0.0.1:8443/wsrf/services/PersistenceTestSubscriptionManager [11]: https://127.0.0.1:8443/wsrf/services/ResolutionService [12]: https://127.0.0.1:8443/wsrf/services/SampleAuthzService [13]: https://127.0.0.1:8443/wsrf/services/SecureCounterService [14]: https://127.0.0.1:8443/wsrf/services/SecurityTestService [15]: https://127.0.0.1:8443/wsrf/services/ShutdownService [16]: https://127.0.0.1:8443/wsrf/services/SubscriptionManagerService [17]: https://127.0.0.1:8443/wsrf/services/TestAuthzService [18]: https://127.0.0.1:8443/wsrf/services/TestCounterService [19]: https://127.0.0.1:8443/wsrf/services/TestEnumService [20]: https://127.0.0.1:8443/wsrf/services/TestRPCService [21]: https://127.0.0.1:8443/wsrf/services/TestService [22]: https://127.0.0.1:8443/wsrf/services/TestServiceRequest [23]: https://127.0.0.1:8443/wsrf/services/TestServiceWrongWSDL [24]: https://127.0.0.1:8443/wsrf/services/TransferService [25]: https://127.0.0.1:8443/wsrf/services/Version [26]: https://127.0.0.1:8443/wsrf/services/WidgetNotificationService [27]: https://127.0.0.1:8443/wsrf/services/WidgetService [28]: https://127.0.0.1:8443/wsrf/services/cagrid/CaGridTutorialService [29]: https://127.0.0.1:8443/wsrf/services/gsi/AuthenticationService