Grid Certificate Renewal
A page detailing how grid certificates are renewed for grid resources. These instructions should not be followed for user certificates!
General Procedure
- Locate the hostcert.pem and hostkey.pem files on the grid node.
- Convert them to a single PKCS#12 file with the command
openssl pkcs12 -export -in hostcert.pem -inkey hostkey.pem -out cert.p12
- Transfer the .p12 file to the local file system (i.e. epdt82).
- Import the certificate into Mozilla. Note that multiple profiles (Tools -> Switch Profiles) can be used to manage multiple certificates!
- Renew the certificate at https://ca-ra.grid-support.ac.uk
Note that, when prompted, the same password is used to protect certificates as is used to log on to the appropriate node!
Certificate Locations:
epgce2
| Filename | Owner | Group | Permissions |
| --- | --- | --- | --- |
| /etc/grid-security/hostkey.pem | root | root | 400 |
| /etc/grid-security/hostcert.pem | root | root | 644 |
| /home/glite/.certs/hostkey.pem | glite | glite | 400 |
| /home/glite/.certs/hostcert.pem | glite | glite | 644 |
epgce3
| Filename | Owner | Group | Permissions |
| --- | --- | --- | --- |
| /etc/grid-security/hostkey.pem | root | root | 400 |
| /home/glite/.certs/hostkey.pem | glite | glite | 400 |
| /etc/grid-security/hostcert.pem | root | root | 644 |
| /home/glite/.certs/hostcert.pem | glite | glite | 644 |
epgmo1
| Filename | Owner | Group | Permissions |
| --- | --- | --- | --- |
| /etc/grid-security/hostkey.pem | root | root | 400 |
| /etc/grid-security/hostcert.pem | root | root | 644 |
| /etc/tomcat5/hostkey.pem | tomcat | tomcat | 400 |
| /etc/tomcat5/hostcert.pem | tomcat | tomcat | 644 |
| /etc/grid-security/lfcmgr/lfckey.pem | lfcmgr | lfcmgr | 400 |
| /etc/grid-security/lfcmgr/lfccert.pem | lfcmgr | lfcmgr | 644 |
| /opt/glite/var/rgma/.certs/hostkey.pem | rgma | rgma | 400 |
| /opt/glite/var/rgma/.certs/hostcert.pem | rgma | rgma | 644 |
The public and private keys of ce1-4 and se1 appear in /data1/grid/certs/_hostname_/host_(cert || key)_.pem, belonging to root.
epgsr1
| Filename | Owner | Group | Permissions |
| --- | --- | --- | --- |
| /etc/grid-security/hostkey.pem | root | root | 400 |
| /etc/grid-security/hostcert.pem | root | root | 644 |
| /etc/grid-security/dpmmgr/dpmkey.pem | dpmmgr | dpmmgr | 400 |
| /etc/grid-security/dpmmgr/dpmcert.pem | dpmmgr | dpmmgr | 644 |
| /home/edginfo/.globus/userkey.pem | edginfo | edginfo | 400 |
| /home/edginfo/.globus/usercert.pem | edginfo | edginfo | 644 |
| /home/edguser/.globus/userkey.pem | edguser | edguser | 400 |
| /home/edguser/.globus/usercert.pem | edguser | edguser | 644 |
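A check of the ownership and modes listed in the tables above, for use after a renewed certificate and key have been installed. This is an added example, not part of the original page. It assumes GNU stat and a manifest line format of "path owner group mode" chosen for this example; the function names check_cert_perms and epgce2_manifest are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original page). Requires GNU stat (Linux).

# Expected state for epgce2, copied from the table above.
# The line format "path owner group mode" is an assumption of this example.
epgce2_manifest() {
    cat <<'EOF'
/etc/grid-security/hostkey.pem   root  root  400
/etc/grid-security/hostcert.pem  root  root  644
/home/glite/.certs/hostkey.pem   glite glite 400
/home/glite/.certs/hostcert.pem  glite glite 644
EOF
}

# check_cert_perms [ROOT]
# Reads manifest lines on stdin, prints one line per deviation and
# returns 1 if any file is missing or has the wrong owner, group or mode.
# ROOT is an optional path prefix (hypothetical use: a staging copy).
check_cert_perms() {
    root=${1:-}
    status=0
    while read -r entry owner group mode; do
        case $entry in ''|'#'*) continue ;; esac   # skip blank/comment lines
        file=$root$entry
        if [ ! -e "$file" ]; then
            echo "MISSING  $entry"
            status=1
            continue
        fi
        # -L follows symlinks so the real key file is what gets checked
        actual=$(stat -L -c '%U %G %a' "$file")
        if [ "$actual" != "$owner $group $mode" ]; then
            echo "MISMATCH $entry: have '$actual', want '$owner $group $mode'"
            status=1
        fi
    done
    return "$status"
}

# Usage on the node, as root:  epgce2_manifest | check_cert_perms
```

A private key whose mode has drifted from 400 (for example after copying it back without preserving permissions) is reported as a MISMATCH line.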
-- ChristopherCurtis - 24 Jul 2009
Topic revision: r4 - 21 Aug 2009 - /C=UK/O=eScience/OU=Birmingham/L=ParticlePhysics/CN=christopher curtis