grid-proxy-init — Generate a new proxy certificate



Tool description

grid-proxy-init generates X.509 proxy certificates.

By default, this command generates Proxy Draft Proxy Certificates, which are very similar to RFC 3820 Proxy Certificates except that the ProxyCertInfo extension is identified with a non-standard OID: "" (defined in the C code by PROXYCERTINFO_OLD_OID and in Java by GSIConstants.GSI_3_IMPERSONATION_PROXY).

There are also options available for generating other types of proxy certificates, including RFC 3820, limited, independent and legacy. For more information about proxy certificate types and their compatibility in GT, see

Command syntax

 grid-proxy-init [-help][-pwstdin][-limited][-valid H:M] ...


Table 12. Command line options

-help, -usage                       Displays usage.
-version                            Displays version.
-debug                              Enables extra debug output.
-q                                  Quiet mode, minimal output.
-verify                             Verifies the certificate that the proxy is made for.
-pwstdin                            Allows the passphrase to be read from stdin.
-rfc                                Creates an RFC 3820 proxy.
-limited                            Creates a limited Globus proxy.
-independent                        Creates an independent Globus proxy.
-old                                Creates a legacy Globus proxy.
-valid <h:m>                        Proxy is valid for h hours and m minutes (default: 12:00).
-hours <hours>                      Deprecated support for the hours option.
-bits <bits>                        Number of bits in key {512|1024|2048|4096}.
-policy <policyfile>                File containing the policy to store in the ProxyCertInfo extension.
-pl <oid>, -policy-language <oid>   OID string for the policy language used in the policy file.
-path-length <l>                    Allows a chain of at most l proxies to be generated from this one.
-cert <certfile>                    Non-standard location of user certificate.
-key <keyfile>                      Non-standard location of user key.
-certdir <certdir>                  Non-standard location of trusted cert directory.
-out <proxyfile>                    Non-standard location of new proxy cert.
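
The option table accepts 512- and 1024-bit keys and any -valid lifetime, so a site may want to check a request before the tool runs. The following is an added example, not part of the Globus documentation or code: a shell function that validates the proxy type, key size and lifetime and prints the option string. The name proxy_args and the limits MIN_BITS and MAX_MINUTES are assumptions standing in for local policy.

```shell
#!/bin/sh
# Added example: site-policy wrapper for grid-proxy-init (not Globus code).
# MIN_BITS and MAX_MINUTES are assumed local policy values, not tool limits.
MIN_BITS=2048
MAX_MINUTES=720   # 12:00, the documented default for -valid

# proxy_args TYPE VALID BITS
#   TYPE  : default | rfc | limited | independent | old
#   VALID : lifetime as H:M
#   BITS  : one of the key sizes the tool accepts
# Prints the option string on success; returns non-zero and prints nothing
# on stdout when the request is malformed (2) or violates policy (3).
proxy_args() {
    ptype=$1 valid=$2 bits=$3

    case $ptype in
        rfc|limited|independent|old) type_flag="-$ptype" ;;
        default) type_flag="" ;;
        *) echo "unknown proxy type: $ptype" >&2; return 2 ;;
    esac

    case $bits in
        512|1024|2048|4096) ;;
        *) echo "unsupported key size: $bits" >&2; return 2 ;;
    esac
    if [ "$bits" -lt "$MIN_BITS" ]; then
        echo "key size $bits is below the policy minimum $MIN_BITS" >&2; return 3
    fi

    # Accept only digits:digits (at most 3 hour digits and 2 minute digits)
    # so the arithmetic below cannot see anything but small numbers.
    case $valid in
        *[!0-9:]*|*:*:*|:*|*:|????*:*|*:???*) echo "bad lifetime: $valid" >&2; return 2 ;;
        *:*) ;;
        *) echo "bad lifetime: $valid" >&2; return 2 ;;
    esac
    # Strip leading zeros; the shell would otherwise read 08 as invalid octal.
    hours=$(printf '%s' "${valid%%:*}" | sed 's/^0*\(.\)/\1/')
    mins=$(printf '%s' "${valid##*:}" | sed 's/^0*\(.\)/\1/')
    if [ "$mins" -gt 59 ]; then echo "bad lifetime: $valid" >&2; return 2; fi
    if [ $(($hours * 60 + $mins)) -gt "$MAX_MINUTES" ]; then
        echo "lifetime $valid exceeds the policy maximum" >&2; return 3
    fi

    printf '%s\n' "${type_flag:+$type_flag }-bits $bits -valid $valid"
}
# Usage (word splitting of the option string is intended):
#   opts=$(proxy_args rfc 12:00 2048) && grid-proxy-init $opts
```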

