Latest Release‎ > ‎



  • You must be familiar with installing and configuring an Apache web server with SSL/TLS support.
  • If you want to use Shibboleth, you must be familiar with installing and configuring Shibboleth Service Provider (SP) software.
Time: Once you have all the prerequisites on this page installed, installing the GridShib-CA is just a few minutes. Installing all the prerequisites can take a few hours (mostly waiting for stuff to build or self-test).

Privileges: It's assumed you have root access to the system in question. If you just want to use OpenId, you might be able to run the software in a web server running as you, but this is untested and undocumented.


  • If you want to use the Shibboleth functionality of the GridShib-CA, you will need an account with a Shibboleth Identity Provider. If you're really familiar with installing Shibboleth SP software you presumably already have one, but in case not, you can use ProtectNetwork.
  • If you want to use the OpenId functionality of the GridShib-CA, you will need an account with an OpenId Identity Provider. If you don't have one, you can obtain one at myOpenID.

Software: You should have a Unix/Linux system on which to install the GridShib CA, with the following software installed:

  • Apache HTTP Server (Tested with 2.0.54). You need to have HTTPS/SSL configured on the server (the best documentation for this seems to be the file README.QUICKSTART.SSL which should be included with your server.)

  • Shibboleth SP software


  • Perl (Version 5.8.5 or later should work, early versions might.)

Extra Perl modules. Install the following extra Perl modules via CPAN:

 The following command line should handle the installation:
sudo cpan CGI::Session Config::General Crypt::OpenSSL::X509 Error \
Date::Parse IO::Socket::SSL Net::OpenID::Consumer Text::Template

Note that the Net::OpenID::Consumer module relies on Crypt::DH, which can take about an hour to install because of all of its tests.

  • OpenSSL Both the binary and the development libraries and header files. Version 0.9.7 or later.

After installing prerequisites, please proceed to Apache Configuration.