Install

Windows Installation Process:

Software Requirements:

Operating System: Microsoft Windows (XP, Vista, 2003, etc.)

Java JDK 1.5+ (available from http://java.sun.com/javase/downloads/index.jsp)

Note: Create a JAVA_HOME environment variable that points to your Java installation.

Installing Apache Tomcat

    1. Download Apache Tomcat 5.5.27 (available from http://tomcat.apache.org/download-55.cgi)
    2. Extract the Zip file to C:\
    3. Change directory to C:\apache-tomcat-5.5.27\conf
    4. Make a backup copy of the server.xml file.
    5. Create a CATALINA_HOME environment variable that points to: c:\apache-tomcat-5.5.27
    6. Add %CATALINA_HOME%\bin to the %PATH% variable

Ant 1.6+ (available from http://ant.apache.org/bindownload.cgi)

Create an environment variable for ANT_HOME. Example: ANT_HOME=c:\apache-ant-1.7.1

Add %ANT_HOME%\bin to %PATH%

OpenSSL 0.9.8+ (for example, Win32 OpenSSL v0.9.8k Light - http://www.slproweb.com/download/Win32OpenSSL_Light-0_9_8k.exe )

Installing OpenSSL

1. Download OpenSSL v0.9.8k to a local directory

2. Double click on the executable file to start the installation

3. Change the installation directory to c:\OpenSSL and accept all defaults.

4. Change directory to c:\openSSL

5. Create the following directories: c:\OpenSSL\demoCA, c:\OpenSSL\demoCA\private, c:\openSSL\newcerts

6. Create an empty index.txt file in the c:\OpenSSL\demoCA directory

7. Create a serial file in the c:\OpenSSL\demoCA directory with the following text on the first line: 01

8. Change directory to c:\OpenSSL\demoCA

9. Generate the certificate authority's private key using the following command (-des encrypts the key, so you will be prompted for a pass phrase):

openssl genrsa -des -out private\cakey.pem 1024

10. Create a self-signed certificate using the following command:

openssl req -config c:\OpenSSL\bin\openssl.cfg -x509 -new -days 365 -key private\cakey.pem -out cacert.pem

Enter the following information according to your site:

Country Name (2 letter code) [AU]:US

State or Province Name (full name) [Some-State]:

Locality Name (eg, city) []:

Organization Name (eg, company) [Internet Widgits Pty Ltd]:PHGRID

Organizational Unit Name (eg, section) []:phgrid.net

Common Name (eg, YOUR name) []:PHGRID

Email Address []:youremail@domain.com

11. Using a command prompt, make the directory c:\etc\grid-security\keys

12. Change directory to c:\openSSL

13. Create a keystore using the following commands:

keytool -genkey -keyalg RSA -keystore c:\etc\grid-security\keys\.keystore -storepass changeit -keypass changeit -alias your_hostname -dname "CN=your_hostname, OU=phgrid.net, O=PHGRID, L=your_city, ST=your_state, C=US"

IMPORTANT NOTE: The password value should be changeit. If you choose not to use changeit as the password value, you must add the keystorePass parameter to your server.xml file.

14. Create a certificate signing request using the following command:

keytool -certreq -keystore c:\etc\grid-security\keys\.keystore -storepass changeit -alias your_hostname -file c:\etc\grid-security\keys\your_hostnameCSR.pem

15. Change directory to c:\openSSL

16. Sign the certificate using the following command:

openssl ca -config c:\OpenSSL\bin\openssl.cfg -in c:\etc\grid-security\keys\your_hostnameCSR.pem -out c:\etc\grid-security\keys\your_hostnameCert.pem -keyfile c:\OpenSSL\demoCA\private\cakey.pem -cert c:\OpenSSL\demoCA\cacert.pem

17. Import the CA into the keystore using the following command:

keytool -import -keystore c:\etc\grid-security\keys\.keystore -storepass changeit -alias tomcat -file c:\OpenSSL\demoCA\cacert.pem

Assumptions:

All prerequisite software has been installed by this point.

Globus Version 4.0.5 is being installed.

Starting the Installation

1. Download Globus Java Core from http://www-unix.globus.org/toolkit/survey/index.php?download=ws-core-4.0.5-bin.zip

2. Create the directory: "c:\gt4"

3. Extract the ws-core-4.0.5-bin.zip file to "c:\gt4"

4. Create the environment variable GLOBUS_LOCATION=c:\gt4\ws-core-4.0.5

5. Add c:\gt4\ws-core-4.0.5\bin to the %PATH% environment variable

6. Create the directory: c:\etc\grid-security\certificates

7. Download 31f15ec4.0 and 31f15ec4.signing_policy from the PHGrid Wiki site and copy the files to c:\etc\grid-security\certificates

Hash file - http://sites.google.com/site/phgrid/Home/installation-procedurs/ncphilabsimplecainfo/31f15ec4.0?attredirects=0

Signing Policy - http://sites.google.com/site/phgrid/Home/installation-procedurs/ncphilabsimplecainfo/31f15ec4.signing_policy?attredirects=0

8. Open a command prompt and change directory to: c:\etc\grid-security\

9. Request the new certificate by running the following commands:

1) %GLOBUS_LOCATION%\bin\grid-cert-request -host [hostname] -int

This will enter interactive mode for generating a request.

2) Enter CA email address: DWashington1@cdc.gov

3) Enter name component: o

Enter 'O' value: PHGRID

4) Enter name component: ou

Enter 'OU' value: "phgrid.net"

5) Enter name component: ou

Enter 'OU' value: Globus Public Health NCPHI

6) Enter name component: cn

Enter 'CN' value:[fully qualified host name-e.g. hostname.domainname.gov]

7) Enter name component: [hit enter]

8) Email the resulting C:\Documents and Settings\[username]\.globus\hostcert_request.pem to DWashington1@cdc.gov

9) Copy the pem file you receive from NCPHI to c:\etc\grid-security\containercert.pem

10) Copy the hostkey.pem file from c:\Documents and Settings\[username]\.globus\hostkey.pem to c:\etc\grid-security\hostkey.pem (generated along with hostcert_request.pem in step #7)

11) Copy the c:\etc\grid-security\hostkey.pem file to c:\etc\grid-security\containerkey.pem

10. Run the following command to validate correct host certificate installation:

openssl verify -CApath c:\etc\grid-security\certificates -purpose sslserver c:\etc\grid-security\containercert.pem

You should get a message like: "c:\etc\grid-security\containercert.pem: OK" if the verification is successful.

11. Open a command prompt and change directory to: %USERPROFILE%

12. Use the mkdir command to create the directories .globus and .globus\certificates

13. Run the following commands to request a user certificate:

1) %GLOBUS_LOCATION%\bin\grid-cert-request -int

This will enter interactive mode for generating a request.

2) Enter CA email address: DWashington1@cdc.gov

3) Enter name component: o

Enter 'O' value: PHGRID

4) Enter name component: ou

Enter 'OU' value: phgrid.net

5) Enter name component: ou

Enter 'OU' value: Globus Public Health NCPHI

6) Enter name component: ou

Enter 'OU' value: phgrid.net

7) Enter name component: cn

Enter 'CN' value:[Windows userid-e.g. bgates]

8) Enter name component: [hit enter]

9) Enter PEM pass phrase:[enter difficult to guess pass phrase]

10) Email the resulting C:\Documents and Settings\[username]\.globus\usercert_request.pem to DWashington1@cdc.gov

11) Copy the usercert.pem file you receive from Dan to c:\Documents and Settings\[username]\.globus\usercert.pem (overwriting the existing file)

14. Run the following command to validate correct user certificate installation:

openssl verify -CApath c:\etc\grid-security\certificates -purpose sslclient "c:\Documents and Settings\[username]\.globus\usercert.pem"

You should get a message like: "c:\Documents and Settings\[username]\.globus\usercert.pem: OK" if the verification is successful.

15. Create the following environment variables:

X509_CA_CERT=31f15ec4.0

X509_CERT_DIR=c:\etc\grid-security\certificates

X509_USER_CERT="c:\documents and settings\[your_user_name]\.globus\usercert.pem"

X509_USER_KEY="c:\documents and settings\[your_user_name]\.globus\userkey.pem"

18. Run the command: %GLOBUS_LOCATION%\etc\globus-devel-env.bat

19. Change directory to: c:\etc\grid-security

20. Create a proxy file using the following command: grid-proxy-init -cert hostcert.pem -key hostkey.pem -out containerproxy.pem

21. Open a command prompt and change directory to: %GLOBUS_LOCATION%

22. Run the command ant -f share\globus_wsrf_common\tomcat\tomcat.xml deploySecureTomcat -Dtomcat.dir=C:\apache-tomcat-5.5.27

23. Open the server.xml file in your %CATALINA_HOME%\conf directory

24. Include the following entries in the <Service name="Catalina"> section of the server.xml file.

<Connector
    className="org.globus.tomcat.coyote.net.HTTPSConnector"
    port="8443" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
    autoFlush="true"
    disableUploadTimeout="true" scheme="https"
    enableLookups="true" acceptCount="100" debug="0"
    secure="true" clientAuth="false" sslProtocol="TLS"
    protocolHandlerClassName="org.apache.coyote.http11.Http11Protocol"
    socketFactory="org.globus.tomcat.catalina.net.BaseHTTPSServerSocketFactory"
    proxy="c:\etc\grid-security\containerproxy.pem"
    cert="c:\etc\grid-security\containercert.pem"
    key="c:\etc\grid-security\containerkey.pem"
    keystoreFile="C:\etc\grid-security\keys\.keystore"
    keystorePass="changeit"
    SSLEngine="on"
    SSLCertificateFile="c:\etc\grid-security\keys\[hostname]Cert.pem"
    SSLCertificateKeyFile="c:\OpenSSL\demoCA\private\cakey.pem"
    SSLPassword="changeit"
    cacertdir="c:\etc\grid-security\certificates"/>

25. Include the following entry in the <Engine name="Catalina" ... > section

<Valve className="org.globus.tomcat.coyote.valves.HTTPSValve55"/>

26. Save the file

27. Start Apache Tomcat with the Windows Services interface.

28. Open a command prompt and run: grid-proxy-init -verify

29. Test your installation as follows:

Open a Web Browser and link to the following site: https://localhost:8443/wsrf/services
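
A check for the server.xml edits in steps 24 and 25, added here as an example (it is not part of the original guide or of Globus): it reports curly quotes pasted from a web page, which make the file unparseable, and confirms that the Connector sits directly in the Catalina Service, that its credential paths exist, and that the HTTPSValve55 Valve sits in the Engine. The function name check_server_xml and the cut-down sample file are assumptions made for the illustration.

```python
import os
import xml.etree.ElementTree as ET

CONNECTOR = "org.globus.tomcat.coyote.net.HTTPSConnector"
VALVE = "org.globus.tomcat.coyote.valves.HTTPSValve55"
PATH_ATTRS = ("proxy", "cert", "key", "cacertdir", "keystoreFile")  # file/dir attributes

def check_server_xml(text, exists=os.path.exists):
    """Return a list of problems in server.xml text; an empty list means OK."""
    problems = [f"line {n}: curly quote, retype it as a straight quote"
                for n, line in enumerate(text.splitlines(), 1)
                if "\u201c" in line or "\u201d" in line]
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        return problems + [f"not well-formed XML: {exc}"]
    service = next((s for s in root.iter("Service")
                    if s.get("name") == "Catalina"), None)
    if service is None:
        return problems + ['no <Service name="Catalina"> element']
    conn = next((c for c in service.findall("Connector")
                 if c.get("className") == CONNECTOR), None)
    if conn is None:
        problems.append("HTTPSConnector is not directly inside the Service")
    else:
        for attr in PATH_ATTRS:
            path = conn.get(attr)
            if not path or not exists(path):
                problems.append(f"{attr} is unset or its path is missing: {path}")
    valves = service.findall("Engine/Valve")  # Valves that are children of the Engine
    if not any(v.get("className") == VALVE for v in valves):
        problems.append("HTTPSValve55 is not directly inside the Engine")
    return problems

# Constructed sample: a cut-down server.xml, not a real Tomcat configuration.
SAMPLE = r"""<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector className="org.globus.tomcat.coyote.net.HTTPSConnector"
      port="8443" scheme="https" secure="true"
      proxy="c:\etc\grid-security\containerproxy.pem"
      cert="c:\etc\grid-security\containercert.pem"
      key="c:\etc\grid-security\containerkey.pem"
      keystoreFile="C:\etc\grid-security\keys\.keystore"
      cacertdir="c:\etc\grid-security\certificates"/>
    <Engine name="Catalina" defaultHost="localhost">
      <Valve className="org.globus.tomcat.coyote.valves.HTTPSValve55"/>
    </Engine>
  </Service>
</Server>"""
```

To check your own file, pass the text of %CATALINA_HOME%\conf\server.xml to check_server_xml; an empty list means the edits from steps 24 and 25 are in place and every referenced path exists.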