Globus Transfer Service Certificate Authority Update

Last Updated: September 12, 2022

Important

Globus Connect installations must be updated with a new transfer service trust root by December 12, 2022 to prevent interruption of services.

Notice

Globus is updating the Certificate Authority (CA) used for its transfer service, and moving to a different system for managing the CA. Globus Connect installations (Globus Connect Server and Globus Connect Personal) must be updated to install the new trust root by December 12, 2022. After this date, the Globus service will cease to function properly with most Globus Connect installations that have not updated the trust root.

Update Instructions

Information for updating your deployment is provided below. Once the update is complete, in-flight transfers will not resume until the new trust root is recognized. A directory listing or transfer request will cause the new trust root to be recognized, with the exception of GCSv4 deployments, which require the directory listing or transfer request to be on a shared endpoint for the new trust root to be recognized.

Globus Connect Server v5

All Globus Connect Server v5 deployments must update to version 5.4.50 or later. Update instructions.

Globus Connect Server v4

We recommend that all Globus Connect Server v4 deployments migrate to Globus Connect Server v5 as soon as possible. Migration tools and instructions are currently available for all standard POSIX deployments. Migration support for premium connectors will be available soon.

Alternatively, Globus Connect Server v4 deployments can be updated to version 4.0.63. Update instructions.

Without this update, Globus Connect Server v4 endpoints that have sharing enabled (Sharing = True in /etc/globus-connect-server.conf), or have configured a MyProxy Server value of myproxy.globusonline.org, will cease to operate with the Globus service as of December 12, 2022.

Note

Installing the latest package is sufficient to apply the trust root update. It is not necessary to run globus-connect-server-setup after the package is installed, unless the deployment was originally created using globus-connect-server-setup with the --config-file or --root options to use a non-standard configuration file location or root dir. Use of these options is not common.

Globus Connect Personal

All Globus Connect Personal installations should be updated to version 3.2.0 using the instructions below for your operating system.

Globus Connect Personal v2 is now deprecated and will be discontinued on December 12th.

Globus Connect Personal Mac update instructions. If not using the in-app update, download the latest version here.

Globus Connect Personal Windows update instructions. If not using the in-app update, download the latest version here.

Globus Connect Personal Linux update instructions. Download the latest version here.

Note

We recommend ensuring the Automatically check for updates option is selected for automatic notification of important security updates on Windows and Mac versions. Follow the link below for your operating system for configuration instructions.

Manual Update

The latest versions of Globus Connect Server and Globus Connect Personal are built for currently supported platforms. If your current platform is no longer supported, you can update the trust roots manually so that your endpoint can continue to function after December 12, 2022.

Important

While we do not prevent end-of-life platforms from deploying Globus Connect, we can not provide support for these deployments. Please upgrade your platform as soon as possible.

Remove Old Trust Roots

You will need to remove old versions of the Globus transfer service CA certificates from your trust root directory. The location of the trust roots are described below. Remove any files with the following prefixes:

7a42187f.* 4b828555.* c7ab88a4.* globus_transfer_ca_2.* globus_transfer_ca_2_int.*

Install New Trust Roots

Extract the downloaded archive and move the files from its globus-transfer-ca-2022 directory into the trust root directory on the endpoint. The location of the trust roots are described below.

Trust Root Locations

Globus Connect Server v5

The trust root location is /var/lib/globus-connect-server/grid-security/certificates.

Globus Connect Server v4

The default trust root location is /var/lib/globus-connect-server/grid-security/certificates, but it can be overridden in the configuration. Check /etc/globus-connect-server.conf to see if you’ve defined TrustedCertificateDirectory.

Globus Connect Personal

The trust roots for Globus Connect Personal are part of the installed package, so the location will depend on where you have chosen to install it.

The default location for Windows is C:\Program Files (x86)\Globus Connect Personal\etc\ca.

The default location for Mac is /Applications/Globus Connect Personal.app/Contents/MacOS/etc/ca.

The trust roots for Linux are at ./etc/ca in the location you extracted the installation package, for example ~/globusconnectpersonal-3.0.4/etc/ca.

Globus Connect Personal v2

Globus Connect Personal v2 is now deprecated and will be discontinued on December 12th.

If you’re currently running Globus Connect Server v2 on an end-of-life platform that is not supported by version 3.2.0, please upgrade to the v3.0.x series linked below, and update the trust roots manually. You will not be able to continue using Globus Connect Personal v2 after December 12, 2022.

Download Globus Connect Personal 3.0.4: Mac Windows Linux

Important

While we do not prevent end-of-life platforms from deploying old versions of Globus Connect Personal, we can not provide support for these deployments, and Globus Connect Personal will receive no further updates for these platforms. Please upgrade your platform as soon as possible.