EPP Grid - Installing New Host Certificates on CE, SE and MON Grid Nodes

Start of topic | Skip to actions

Installing New Host Certificates on CE, SE and MON Grid Nodes

lcg-compute.hpc.unimelb.edu.au 

# backup original certificate and key - just in case!
$ cd /etc/grid-security/
$ mkdir cert-backup
$ cp  host* cert-backup/

# Search the system for any copies of the cert and key
$ updatedb
$ locate cert.pem

/etc/grid-security/hostcert.pem
/etc/grid-security/cert-backup/hostcert.pem
/usr/share/ssl/cert.pem
/opt/glite/var/rgma/.certs/hostcert.pem

# Verify all of these - make sure you know which to replace
$ openssl x509 -in ${hostcert.pem} -noout -text

# copy new cert's into place

# replace all instances and restart services
$ cp host* /opt/glite/var/rgma/.certs/

# run the host cert validity checker to make sure all is well
$ /etc/cron.daily/hostcertValidity

# reboot the computer
$ reboot

koala.unimelb.edu.au 

# backup original certificate and key - just in case!
$ cd /etc/grid-security/
$ mkdir cert-backup
$ cp  host* cert-backup/

# Search the system for any copies of the cert and key
$ updatedb
$ locate cert.pem

/etc/grid-security/dpmmgr/dpmcert.pem
/etc/grid-security/hostcert.pem
/etc/grid-security/cert-backup/hostcert.pem
/usr/share/ssl/cert.pem
/home/edginfo/.globus/usercert.pem

# Verify all of these - make sure you know which to replace
$ openssl x509 -in ${hostcert.pem} -noout -text

# copy new cert's into place

# replace all instances 
$ cp host* dpmmgr/
$ cd dpmmgr/
$ mv hostcert.pem dpmcert.pem
$ mv hostkey.pem dpmkey.pem
$ chown dpmmgr:dpmmgr *

$ cp host* /home/edginfo/.globus/
$ cd /home/edginfo/.globus/
$ mv hostcert.pem usercert.pem
$ mv hostkey.pem userkey.pem
$ chown edginfo:edginfo *

$ cp host* /opt/glite/var/rgma/.certs/

# run the host cert validity checker to make sure all is well
$ /etc/cron.daily/hostcertValidity

# restart dpm services 
cd /root/bin
./restartDPMServices.sh

lcg-monitor.hpc.unimelb.edu.au 

# backup original certificate and key - just in case!
$ cd /etc/grid-security/
$ mkdir cert-backup
$ cp  host* cert-backup/

# Search the system for any copies of the cert and key
$ updatedb
$ locate cert.pem

/etc/tomcat5/hostcert.pem
/etc/grid-security/hostcert.pem
/etc/grid-security/cert-backup/hostcert.pem
/usr/share/ssl/cert.pem
/opt/glite/var/rgma/.certs/hostcert.pem

# Verify all of these - make sure you know which to replace
$ openssl x509 -in ${hostcert.pem} -noout -text

# copy new cert's into place

# replace all instances
$ cp host* /etc/tomcat5/
$ cp host* /opt/glite/var/rgma/.certs/


$ /etc/init.d/tomcat5 restart

# run the host cert validity checker to make sure all is well
$ /etc/cron.daily/hostcertValidity

# reboot the computer
$ reboot
End of topic
Skip to actions | Back to top

key Log In Revision:  r2 - 02 Oct 2007 - MarcoLaRosa
Authorised by:  Geoff Taylor (G.Taylor @ physics.unimelb.edu.au)
Maintained using:  This site is powered by the TWiki collaboration platform
Copyright © 2000-2009 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.