Grid Certificate Renewal

A page detailing how grid certificates are renewed for grid resources. These instructions should not be followed for user certificates!

General Procedure

This would be easier if firefox/mozilla were installed on all Grid nodes. This should not happen for the following reasons:

  1. The browser will run as root on the resource. This is a security risk
  2. The browser will require a large number of packages (such as X, gtk etc) be installed and maintained.
  3. The .pem files will still have to be backed up externally

epgce2

epgmo1

epgsr1

Locations:

Filename Owner Group Permissions
/etc/grid-security/hostkey.pem root root 400
/etc/grid-security/hostcert.pem root root 644

-- ChristopherCurtis - 24 Jul 2009


This topic: Computing > WebHome > LocalGridInternals > CertificateRenewal
Topic revision: r1 - 24 Jul 2009 - _47C_61UK_47O_61eScience_47OU_61Birmingham_47L_61ParticlePhysics_47CN_61christopher_32curtis
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback