---+ Grid Certificate Renewal

This page details how grid certificates are renewed for grid resources. These instructions should not be followed for user certificates!

%TOC%

---++ General Procedure

   1 Locate the hostcert.pem and hostkey.pem files on the grid node.
   1 Convert them to PKCS#12 with the command =openssl pkcs12 -export -in hostcert.pem -inkey hostkey.pem -out cert.p12=.
   1 Transfer the .p12 file to the local file system (i.e. epdt82).
   1 Import the certificate into Mozilla. Note that multiple profiles (Tools -> Switch Profiles) can be used to manage multiple certificates!
   1 Renew the certificate at [[https://ca-ra.grid-support.ac.uk][https://ca-ra.grid-support.ac.uk]]. *Note that when prompted, the same password is used to protect certificates as is used to log onto the appropriate node!*
   1 Once renewed, export the new p12 certificate from the browser.
   1 Convert the p12 file to pem format (=-nodes= writes the private key unencrypted, so the key file must keep the permissions listed under Certificate Locations): <br /> =openssl pkcs12 -in cert.p12 -clcerts -nokeys -out hostcert.pem= <br /> =openssl pkcs12 -nodes -in cert.p12 -nocerts -out hostkey.pem=
   1 Copy the pem files to the appropriate locations on the grid nodes.
---++ Certificate Locations:

---+++ epgce2

| *Filename* | *Owner* | *Group* | *Permissions* |
| /etc/grid-security/hostkey.pem | root | root | 400 |
| /etc/grid-security/hostcert.pem | root | root | 644 |
| /home/glite/.certs/hostkey.pem | glite | glite | 400 |
| /home/glite/.certs/hostcert.pem | glite | glite | 644 |

---+++ epgce3

| *Filename* | *Owner* | *Group* | *Permissions* |
| /etc/grid-security/hostkey.pem | root | root | 400 |
| /etc/grid-security/hostcert.pem | root | root | 644 |
| /home/glite/.certs/hostkey.pem | glite | glite | 400 |
| /home/glite/.certs/hostcert.pem | glite | glite | 644 |

---+++ epgmo1

| *Filename* | *Owner* | *Group* | *Permissions* |
| /etc/grid-security/hostkey.pem | root | root | 400 |
| /etc/grid-security/hostcert.pem | root | root | 644 |
| /etc/tomcat5/hostkey.pem | tomcat | tomcat | 400 |
| /etc/tomcat5/hostcert.pem | tomcat | tomcat | 644 |
| /etc/grid-security/lfcmgr/lfckey.pem | lfcmgr | lfcmgr | 400 |
| /etc/grid-security/lfcmgr/lfccert.pem | lfcmgr | lfcmgr | 644 |
| /opt/glite/var/rgma/.certs/hostkey.pem | rgma | rgma | 400 |
| /opt/glite/var/rgma/.certs/hostcert.pem | rgma | rgma | 644 |

The public and private keys of ce1-4 and se1 appear in =/data1/grid/certs/_hostname_/host_(cert || key)_.pem=, belonging to root.

---+++ epgsr1

| *Filename* | *Owner* | *Group* | *Permissions* |
| /etc/grid-security/hostkey.pem | root | root | 400 |
| /etc/grid-security/hostcert.pem | root | root | 644 |
| /etc/grid-security/dpmmgr/dpmkey.pem | dpmmgr | dpmmgr | 400 |
| /etc/grid-security/dpmmgr/dpmcert.pem | dpmmgr | dpmmgr | 644 |
| /home/edginfo/.globus/userkey.pem | edginfo | edginfo | 400 |
| /home/edginfo/.globus/usercert.pem | edginfo | edginfo | 644 |
| /home/edguser/.globus/userkey.pem | edguser | edguser | 400 |
| /home/edguser/.globus/usercert.pem | edguser | edguser | 644 |

-- Main.ChristopherCurtis - 24 Jul 2009
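The last step of the procedure can be checked against the tables above. The script below is an added example, not part of the original page: it verifies owner, group and mode for each file, that each private key belongs to its certificate, and that the certificate has not expired. The function names are hypothetical, and it assumes GNU =stat= and an =openssl= that provides the =pkey= subcommand.

```shell
#!/bin/sh
# Added example: post-renewal check for one node. Needs GNU stat and openssl.

# check_file PATH OWNER GROUP MODE: report a missing file or wrong owner/group/mode.
check_file() {
    f=$1; want="$2 $3 $4"
    [ -f "$f" ] || { echo "MISSING  $f"; return 1; }
    have=$(stat -c '%U %G %a' "$f") || return 1
    [ "$have" = "$want" ] || { echo "MISMATCH $f: have '$have', want '$want'"; return 1; }
}

# audit [ROOT]: read "path owner group mode" lines on stdin and check each one.
# ROOT is an optional prefix, useful for checking a staging copy.
audit() {
    bad=0
    while read -r p owner group mode; do
        [ -n "$p" ] || continue
        check_file "${1:-}$p" "$owner" "$group" "$mode" || bad=1
    done
    return "$bad"
}

# pair_ok CERT KEY: the key belongs to the certificate and the certificate is still valid.
pair_ok() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || { echo "UNREADABLE $1"; return 1; }
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || { echo "UNREADABLE $2"; return 1; }
    [ -n "$c" ] && [ "$c" = "$k" ] || { echo "KEY/CERT MISMATCH $1 $2"; return 1; }
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null || { echo "EXPIRED $1"; return 1; }
}

# Manifest copied from the epgce2 table on this page; run as root on that node.
audit_epgce2() {
    rc=0
    audit <<'EOF' || rc=1
/etc/grid-security/hostkey.pem root root 400
/etc/grid-security/hostcert.pem root root 644
/home/glite/.certs/hostkey.pem glite glite 400
/home/glite/.certs/hostcert.pem glite glite 644
EOF
    for dir in /etc/grid-security /home/glite/.certs; do
        pair_ok "$dir/hostcert.pem" "$dir/hostkey.pem" || rc=1
    done
    return "$rc"
}

if [ "${1:-}" = "epgce2" ]; then audit_epgce2; fi
```

The other nodes need only their own manifest lines and certificate/key pairs, taken from the corresponding table.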
Topic revision: r5 - 02 Sep 2009 - /C=UK/O=eScience/OU=Birmingham/L=ParticlePhysics/CN=christopher curtis