License Expiration Dates

o New FusionGrid user

  1) User clicks "Request New Certificate"
     Activates /var/html/CertReqForm.html
        Fills out form
     Info handed to /var/cgi-bin/
        Checks user not already defined
        Checks for invalid data
     Key and certificate request generated
     Request enrolled in
        with mail address set to
     Request information saved in directory /var/www/CertRequests
     Key information saved in directory /var/www/CertRequests

  2) sends e-mail to
     A clicks on url given in e-mail
      and approves certificate request
     Approval notice is mailed to

  3) Cronjob on runs "" 
       every ten minutes reads any e-mail in
       with Subject "Your Certificate Request"
     Looks for success message
         Gets Distinguished Name
         Extracts Certificate
     Update myproxy on this computer (
     Enter user into
     Move info file to /var/www/Users     
     Clean up /var/www/CertRequests
     Mail user that they can log in to
       and can use for myproxy

  4) Cron job at 1:11AM will synchronize myproxy at and then user can use for myproxy

o Accept myproxy request from user

  1) /etc/init.d/myproxy started at boottime
     Uses /var/myproxy as location for proxy files
     /var/myproxy has been updated
  2) Normal myproxy actions
       which return proxy to user

o Renew user

  1) At 2AM, is run by cron from account fgcm

  2) Gets list of processed renewal users from renewalDB

  3) Iterates over new renewal notifications in mailbox
     Checks if user exists
     Checks if certificate has already expired
     Checks if user has already responded
     Else emails user to click 
       on declineRenewal URL or
       on renewCert URL

  4) Updates renewalDB

 - Process declineRenewal URL with user argument

   1) Get Certified Name (CN) from URL parameter
   2) Get list of processed renewal users from renewalDB
      Mark as declined in renewalDB

 - Process renewCert URL with user argument

   1) Get Certified Name (CN) from URL parameter

   2) Get list of processed renewal users from renewalDB
   3) Get user information and submit renewal
       requesting current passphrase
       URL used is

 - Submit renewal activated

   1) Get form information including Certified Name

   2) Use password to load Credential of user

   3) Activate HTTPS request on
        for certbasedenrollment
      And get response

   4) Replace user's key and certificate
      Update phone/email
      Update renewal database 
      Put success message submit renew from

o Change Certificate Password request

  1) User clicks on "Change certificate password"
     Form asks for username, old password, 
       new password, verify new password, and
       password hint.
     and then posts to cgi-bin/changePass

  2) cgi-bin/changePass verifies user from
     Invokes myproxy-admin-change-pass
     Checks return values     
     Looks for password hint
     Updates /var/www/Users/*.info for user

o Password Hint request

  1) User clicks on "Password Hint"
     Form asks for user name
     and then posts to cgi-bin/

  2) cgi-bin/ verifies user from
     Gets password hint from *.info
     Gets e-mail address from *.info
     Mails hint to user

o Forgotten password request

  1) User clicks on "Forgotten Password"
     Form requests user name, new password,
       verify new password, and password hint
     Posts to cgi-bin/recoverCert

  2) cgi-bin/recoverCert verifies user from
     Gets CN (certificate name) from *.info
     Generates new key and certificate request
       for this CN
     Generates http request using information
       from *.info
     Adds comment "CERT issue Request!"
     Connects request to flourite.esnet:9002
     Updates password and password hint
     Saves *.info and *-key.pem in CertRequests

  3) Now treated as new certificate request
     i.e. FusionGrid RA gets request in e-mail
       and approves

o Remove user (Disabled)
  Disabled since insecure once pbscookie broken

   1) To restore to eliminate user

     /bin/mkdir /var/www/html/a
     /bin/cp -ip $s/a/index.html /var/www/html/a

     /bin/mkdir /var/www/cgi-bin/p
     /bin/cp -ip $s/p/ /var/www/cgi-bin/p
     Note: hack in a name check in copied
       so only that user can be removed
     Note: below required before will work
     /bin/cp -ip $s/p/ /var/www/cgi-bin/p

  2) To remove later

     /bin/rm -ir /var/www/cgi-bin/p
     /bin/rm -ir /var/www/html/a

     Enter username to remove and click submit

  4) invoked
     Gets username from form
     Calculates locations of /var/www/User/*.info,
       /var/myproxy/*.data, and /var/myproxy/*.cred files
     Verifies files exist

   5) Gets Distinguished Name (DN) for *.info file
      Connects to roam.fusiongrid with remuser= argument
        User removed on
      Removes info, data, and cred file for user
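
Added example (not the FusionGrid code): one way to do the step 4 checks of
the remove-user flow, validating the username from the form before computing
the three file locations and verifying each file exists inside its expected
directory. The allowed username characters and the use of the username as
the file stem for *.info, *.data and *.cred are assumptions.

```python
import re
import tempfile
from pathlib import Path

# Assumption: usernames are short and use only these characters.
USERNAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,31}")

def user_files(username, info_dir="/var/www/User", proxy_dir="/var/myproxy"):
    """Return the user's info, data and cred paths, or raise ValueError."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("invalid username")
    # Assumption: the '*' in *.info, *.data and *.cred is the username.
    candidates = [
        (info_dir, username + ".info"),
        (proxy_dir, username + ".data"),
        (proxy_dir, username + ".cred"),
    ]
    found = []
    for directory, name in candidates:
        base = Path(directory).resolve()
        path = (base / name).resolve()
        # Reject symlinks or names that resolve outside the expected directory.
        if path.parent != base:
            raise ValueError("path escapes " + str(base))
        # Every file must exist before anything is removed.
        if not path.is_file():
            raise ValueError("missing file " + name)
        found.append(path)
    return found

def demo():
    """Run the checks on a constructed directory tree and return the outcomes."""
    with tempfile.TemporaryDirectory() as root:
        info, proxy = Path(root, "User"), Path(root, "myproxy")
        info.mkdir()
        proxy.mkdir()
        for d, n in ((info, "alice.info"), (proxy, "alice.data"), (proxy, "alice.cred")):
            (d / n).write_text("constructed sample\n")
        results = {"alice": [p.name for p in user_files("alice", info, proxy)]}
        for bad in ("../alice", "alice/../bob", "", "bob"):
            try:
                user_files(bad, info, proxy)
                results[bad] = "accepted"
            except ValueError:
                results[bad] = "rejected"
        return results
```
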