Grid Certificate Renewal

A page detailing how grid certificates are renewed for grid resources. These instructions should not be followed for user certificates!

General Procedure

  1. Locate the hostcert.pem and hostkey.pem files on the grid node.
  2. Convert with the command openssl -pkcs12 -export -in hostcert.pem -inkey hostkey.pem -out cert.p12.
  3. Transfer the .p12 file to local file system (ie epdt82)
  4. Import certificate into mozilla. Note that multiple profiles (Tools -> Switch Profiles) can be used to manage multiple certificates!
  5. Renew the certificate at https://ca-ra.grid-support.ac.uk

Note that when prompted, the same password is used to protect certificates as is used to log onto the appropriate node!

Certificate Locations:

epgce2

Filename Owner Group Permissions
/etc/grid-security/hostkey.pem root root 400
/etc/grid-security/hostcert.pem root root 644
/home/glite/.certs/hostkey.pem glite glite 400
/home/glite/.certs/hostcert.pem glite glite 644

epgmo1

Filename Owner Group PermissionsSorted ascending
/etc/grid-security/hostkey.pem root root 400
/etc/tomcat5/hostkey.pem tomcat tomcat 400
/etc/grid-security/lfcmgr/lfckey.pem lfcmgr lfcmgr 400
/opt/glite/var/rgma/.certs/hostkey.pem rgma rgma 400
/etc/grid-security/hostcert.pem root root 644
/etc/tomcat5/hostcert.pem tomcat tomcat 644
/etc/grid-security/lfcmgr/lfccert.pem lfcmgr lfcmgr 644
/opt/glite/var/rgma/.certs/hostcert.pem rgma rgma 644

The public and private keys of ce1-4 and se1 appear in /data1/grid/certs/_hostname_/host_(cert || key)_.pem, belonging to root.

epgsr1

Filename Owner Group Permissions
/etc/grid-security/hostkey.pem root root 400
/etc/grid-security/hostcert.pem root root 644
/etc/grid-security/dpmmgr/dpmkey.pem dpmmgr dpmmgr 400
/etc/grid-security/dpmmgr/dpmcert.pem dpmmgr dpmmgr 644
/home/edginfo/.globus/userkey.pem edginfo edginfo 400
/home/edginfo/.globus/usercert.pem edginfo edginfo 644
/home/edguser/.globus/userkey.pem edguser edguser 400
/home/edguser/.globus/usercert.pem edguser edguser 644

-- ChristopherCurtis - 24 Jul 2009

Edit | Attach | Watch | Print version | History: r5 < r4 < r3 < r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions...
Topic revision: r3 - 04 Aug 2009 - _47C_61UK_47O_61eScience_47OU_61Birmingham_47L_61ParticlePhysics_47CN_61christopher_32curtis?
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback