Tags:
view all tags
<!-- keep this as a security measure: #uncomment if the subject should only be modifiable by the listed groups # * Set ALLOWTOPICCHANGE = Main.TWikiAdminGroup,Main.CMSAdminGroup # * Set ALLOWTOPICRENAME = Main.TWikiAdminGroup,Main.CMSAdminGroup #uncomment this if you want the page only be viewable by the listed groups # * Set ALLOWTOPICVIEW = Main.TWikiAdminGroup,Main.CMSAdminGroup,Main.CMSAdminReaderGroup --> ---+ Grid Host Certificate instruction * Check if hostname is publicly resolvable. When not, create a Change Task within SNOW and assign it to itsm-network. * Prepare certificate request =hostname.psi.ch-csr.pem= from =t3admin02:/root/clusteradmin/etc/grid-ca= <pre> tree -P 't3*' clusteradmin/etc/grid-ca clusteradmin/etc/grid-ca |-- certs-2020 | |-- t3cmsvobox_psi_ch.crt | |-- t3dcachedb03_psi_ch.crt | `-- t3se01_psi_ch.crt |-- keys | |-- t3cmsvobox.psi.ch-key.pem | |-- t3dcachedb03.psi.ch-key.pem | `-- t3se01.psi.ch-key.pem `-- requestdir |-- t3cmsvobox.psi.ch.cfg |-- t3cmsvobox.psi.ch-csr.pem |-- t3dcachedb03.psi.ch.cfg |-- t3dcachedb03.psi.ch-csr.pem |-- t3se01.psi.ch.cfg `-- t3se01.psi.ch-csr.pem </pre> by the command like: <pre> # ./create_keys.sh t3se01.psi.ch Using existing key /root/clusteradmin/etc/grid-ca/keys/t3se01.psi.ch-key.pem for new request </pre> * to upload CSR request be registered on https://tl.quovadisglobal.com/subscriber/ interface (with email as login) * After you put the request in the system, it will be confirmed by CA administrator and in 1-2 days you will get mail notification with download instruction and be able to download the certificate. * copy downloaded certificate to the host as =/etc/grid-security/hostcert.pem= * on t3se01 check if the following link exist =hostcert-ssm.pem -> hostcert.pem= and hostkey-ssm.pem is readable for apel user * useful commands: <pre> openssl x509 -noout -modulus -in /etc/grid-security/hostcert.pem | openssl md5 openssl rsa -noout -modulus -in /etc/grid-security/hostkey.pem | openssl md5 openssl x509 -subject -in /etc/grid-security/hostcert.pem openssl x509 -enddate -in /etc/grid-security/hostcert.pem --noout </pre> * Certificate *renewal*: According to https://tl.quovadisglobal.com/clientadmin/content/TLE_V2_Subscriber_Manual.pdf Trust/Link will send you reminder emails leading up to the expiry of your SSL certificate. These emails are sent 30 days, 14 day, and 1 day before expiry.
Attachments
Attachments
Topic attachments
I
Attachment
History
Action
Size
Date
Who
Comment
pdf
Antragsformular-EUgridPMA-Zertifikat-v01.pdf
r1
manage
300.7 K
2020-03-23 - 11:10
NinaLoktionova
Edit
|
Attach
|
Watch
|
P
rint version
|
H
istory
:
r5
<
r4
<
r3
<
r2
<
r1
|
B
acklinks
|
V
iew topic
|
Raw edit
|
More topic actions...
Topic revision: r2 - 2020-03-24
-
NinaLoktionova
CmsTier3
Log In
CmsTier3 Web
Create New Topic
Index
Search
Changes
Notifications
Statistics
Preferences
User Pages
Main Page
Policies
Monitoring Storage Space
Monitoring Slurm Usage
Physics Groups
Steering Board Meetings
Admin Pages
AdminArea
Cluster Specs
Home
Site map
CmsTier3 web
LCGTier2 web
PhaseC web
Main web
Sandbox web
TWiki web
CmsTier3 Web
Create New Topic
Index
Search
Changes
Notifications
RSS Feed
Statistics
Preferences
P
View
Raw View
Print version
Find backlinks
History
More topic actions
Edit
Raw edit
Attach file or image
Edit topic preference settings
Set new parent
More topic actions
Account
Log In
Edit
Attach
Copyright © 2008-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki?
Send feedback