Grid Host Certificate instructions
- Check whether the hostname is publicly resolvable. If it is not, create a Change Task in SNOW and assign it to itsm-network.
- Prepare the certificate request
hostname.psi.ch-csr.pem
from t3admin02:/root/clusteradmin/etc/grid-ca
tree -P 't3*' clusteradmin/etc/grid-ca
clusteradmin/etc/grid-ca
|-- certs-2020
|   |-- t3cmsvobox_psi_ch.crt
|   |-- t3dcachedb03_psi_ch.crt
|   `-- t3se01_psi_ch.crt
|-- keys
|   |-- t3cmsvobox.psi.ch-key.pem
|   |-- t3dcachedb03.psi.ch-key.pem
|   `-- t3se01.psi.ch-key.pem
`-- requestdir
    |-- ............................
using a command like:
# ./create_keys.sh t3se01.psi.ch
Using existing key /root/clusteradmin/etc/grid-ca/keys/t3se01.psi.ch-key.pem for new request
- After you submit the request, the CA administrator confirms it. Within 1-2 days you will receive a mail notification with download instructions and can then download the certificate.
- Copy the downloaded certificate to the host as
/etc/grid-security/hostcert.pem
- Useful commands:
# the certificate matches the key when both commands print the same digest
openssl x509 -noout -modulus -in /etc/grid-security/hostcert.pem | openssl md5
openssl rsa -noout -modulus -in /etc/grid-security/hostkey.pem | openssl md5
openssl x509 -subject -in /etc/grid-security/hostcert.pem
openssl x509 -enddate -in /etc/grid-security/hostcert.pem -noout
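
The checks from the useful commands, combined into one script that can be run on a downloaded certificate before it is copied into place. This is an added example, not part of the cluster's own tooling; the function names, exit codes, the 30-day default and the sample host name are assumptions, and the sample certificate is a constructed throwaway.

```bash
#!/usr/bin/env bash
# Added example (not the site's own tooling): verify a host certificate against its key.
# Exit codes (assumed convention): 0 ok, 1 cert/key mismatch, 2 expires too soon, 3 unreadable.
check_hostcert() {
    local cert="$1" key="$2" min_days="${3:-30}"   # 30-day default is an assumption
    local cert_mod key_mod

    [ -r "$cert" ] && [ -r "$key" ] || { echo "cannot read $cert or $key" >&2; return 3; }

    # Same comparison as the md5 one-liners, done on the raw modulus (RSA keys only).
    cert_mod=$(openssl x509 -noout -modulus -in "$cert") || return 3
    key_mod=$(openssl rsa -noout -modulus -in "$key" 2>/dev/null) || return 3
    if [ "$cert_mod" != "$key_mod" ]; then
        echo "MISMATCH: $cert does not belong to $key" >&2
        return 1
    fi

    # -checkend exits non-zero if the certificate expires within the given seconds.
    if ! openssl x509 -noout -checkend $((min_days * 86400)) -in "$cert" >/dev/null; then
        echo "EXPIRING: $(openssl x509 -noout -enddate -in "$cert")" >&2
        return 2
    fi

    echo "OK: $(openssl x509 -noout -subject -in "$cert")"
}

# Constructed sample data: a self-signed 10-day certificate and an unrelated key.
make_sample() {
    local dir="$1"
    openssl req -x509 -newkey rsa:2048 -nodes -days 10 -subj "/CN=host.example.org" \
        -keyout "$dir/hostkey.pem" -out "$dir/hostcert.pem" 2>/dev/null
    openssl genrsa -out "$dir/otherkey.pem" 2048 2>/dev/null
}

# Demo on the constructed sample: run as "bash check_hostcert.sh demo".
if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp -d)
    make_sample "$tmp"
    check_hostcert "$tmp/hostcert.pem" "$tmp/hostkey.pem" 5;   echo "rc=$?"
    check_hostcert "$tmp/hostcert.pem" "$tmp/otherkey.pem" 5;  echo "rc=$?"
    check_hostcert "$tmp/hostcert.pem" "$tmp/hostkey.pem" 30;  echo "rc=$?"
    rm -rf "$tmp"
fi
```

On a real host, call it as check_hostcert /etc/grid-security/hostcert.pem /etc/grid-security/hostkey.pem.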