Here are some steps to test your GridShib-CA installation. Note
that it's normal to get some browser warnings/questions about trusting
certificates, both for web sites and Java Web Start applications, as
you go through the process. If you have any problems testing, please see Troubleshooting.
From your build directory, run the post-install
tests. You'll need to do this as root or the user under which Apache
runs, so that the tests can read all the appropriate. This should go
through the process of issuing a certificate and test everything but
your Shibboleth configuration. Note that this will actually issue a
certificate from your CA, outputting the certificate and generated
private key to standard out.
# make test-post-install
Fire up your favorite browser and point it at
https://hostname/gridshib-ca-2.0.0 replacing hostname with the name
of the host on which you installed the GridShib-CA. Be sure
to use 'https'. If this didn't work then something is
fundamentally broken. Either Apache isn't installed right or a 404 error
indicates your installation didn't put the files in the right place
and you need to go review the configure options, the most likely
culprit being --with-apache-docroot.
Select one of the Sign-On methods: Shibboleth or OpenId and proceed to authenticate.
- When you are returned to the debug page, at the bottom of the page you should see a session Id and set of variables.
- You should now should be able to click on the "Java Web Start" button. Wait a few seconds and the Java web start client should launch, downloading a credential for you. After it completes you can close it.
On the command line, you should now be able to see
your grid credential by running grid-proxy-info. For example:
subject : /C=US/O=NCSA-TEST/OU=User/CNfirstname.lastname@example.org
issuer : /C=US/O=NCSA-TEST/OU=GridShib/CN=SP-CA
identity : /C=US/O=NCSA-TEST/OU=User/CNemail@example.com
type : end entity credential
strength : 1024 bits
path : /tmp/x509up_u501
timeleft : 11:58:12
If you got this far you are good to go.