How To Use Proxies With Ssl

Not logged in

• Browse
• Help
• Home
• Login
• Reports
• Search
• Timeline
• Wiki

• Contents
• No-Diff
• Text

 {section: How to Use Proxy Certificates With SSL Authentication}
 
 These are instructions for upgrading from HTCondor-CE 5 (HTCondor 9.0) to
-HTCondor-CE 6 (HTCondor 10.X) while using X.509 proxies for
+HTCondor-CE 6 (HTCondor 10.X) and beyond while using X.509 proxies for
 authentication. In HTCondor 9.0, GSI authentication is used when the
-client has an X.509 proxy. This is not supported in HTCondor 10.0.
-Instead, plain SSL authentication can be used to authenticate a client's
-proxy.
+client has an X.509 proxy. This is not supported in HTCondor 10.0 and beyond.
+Instead, plain SSL authentication can be used to authenticate a client's (e.g. a pilot factory) proxy.
 Once this upgrade process is complete, sites and VOs can work on
 transitioning to token authentication.
 
 1. Both client and CE should upgrade to HTCondor 9.0.20. This new release
-adds a couple minor features to enable use of a proxy with plain SSL
+adds a couple features to enable use of a proxy with plain SSL
 authentication.
 HTCondor 9.0.20 is a special release intended specifically to help CEs upgrade
 to HTCondor 10 with SSL authentication using proxies.
@@ -114,7 +113,7 @@
   SCHEDD.AUTH_SSL_REQUIRE_CLIENT_CERTIFICATE = True
 
 6. Once all of the peers of a given client or CE are authenticating
-successfully via SSL, you can upgrade to HTCondor-CE 6 and HTCondor 10.X.
+successfully via SSL, you can upgrade to HTCondor-CE 6 and HTCondor 10.X or higher.
 In order to use EGI Check-In tokens, the CE needs to be running HTCondor 10.4.0 or later.
 
 {subsection: VOMS Attributes}

This work is supported by NSF under Cooperative Agreement OAC-2030508 as part of the PATh Project. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the NSF. Site built using CVSTrac.