Tags:
tag this topic
create new tag
view all tags
<!-- keep this as a security measure: #uncomment if the subject should only be modifiable by the listed groups # * Set ALLOWTOPICCHANGE = Main.TWikiAdminGroup,Main.CMSAdminGroup # * Set ALLOWTOPICRENAME = Main.TWikiAdminGroup,Main.CMSAdminGroup #uncomment this if you want the page only be viewable by the listed groups # * Set ALLOWTOPICVIEW = Main.TWikiAdminGroup,Main.CMSAdminGroup,Main.CMSAdminReaderGroup --> ---+ Grid Host Certificate instruction * *T3 Admin access registration* on [[https://tl.quovadisglobal.com/subscriber][ Certification Service Provider QuoVadis]]: * done for the following common T3 address cms-tier3-alerts@lists.psi.ch * responsible T3 Admin has update the name and phone by !UniBe contact person Alexander Kashev <alexander.kashev@math.unibe.ch> * Check if hostname is publicly resolvable. When not, create a Change Task within SNOW and assign it to itsm-network. * Prepare certificate request =hostname.psi.ch-csr.pem= from =t3admin02:/root/clusteradmin/etc/grid-ca= <pre> tree -P 't3*' clusteradmin/etc/grid-ca clusteradmin/etc/grid-ca |-- certs-2020 | |-- t3cmsvobox_psi_ch.crt | |-- t3dcachedb03_psi_ch.crt | `-- t3se01_psi_ch.crt |-- keys | |-- t3cmsvobox.psi.ch-key.pem | |-- t3dcachedb03.psi.ch-key.pem | `-- t3se01.psi.ch-key.pem `-- requestdir |-- ............................ </pre> by the command like: <pre> # ./create_keys.sh t3se01.psi.ch Using existing key /root/clusteradmin/etc/grid-ca/keys/t3se01.psi.ch-key.pem for new request </pre> * to upload CSR request be registered on https://tl.quovadisglobal.com/subscriber/ interface (with email as login) * After you put the request in the system, it will be confirmed by CA administrator and in 1-2 days you will get mail notification with download instruction and be able to download the certificate. * copy downloaded certificate to the host as =/etc/grid-security/hostcert.pem= * useful commands: <pre> openssl x509 -noout -modulus -in /etc/grid-security/hostcert.pem | openssl md5 openssl rsa -noout -modulus -in /etc/grid-security/hostkey.pem | openssl md5 openssl x509 -subject -in /etc/grid-security/hostcert.pem openssl x509 -enddate -in /etc/grid-security/hostcert.pem --noout </pre> * *Certificate renewal*: According to https://tl.quovadisglobal.com/clientadmin/content/TLE_V2_Subscriber_Manual.pdf Trust/Link will send you reminder emails leading up to the expiry of your SSL certificate. These emails are sent 30 days, 14 day, and 1 day before expiry.
Attachments
Attachments
Topic attachments
I
Attachment
History
Action
Size
Date
Who
Comment
pdf
Antragsformular-EUgridPMA-Zertifikat-v01.pdf
r1
manage
300.7 K
2020-03-23 - 11:10
NinaLoktionova
E
dit
|
A
ttach
|
Watch
|
P
rint version
|
H
istory
: r5
<
r4
<
r3
<
r2
<
r1
|
B
acklinks
|
V
iew topic
|
Ra
w
edit
|
M
ore topic actions
Topic revision: r5 - 2020-05-04
-
NinaLoktionova
CmsTier3
Log In
CmsTier3 Web
Create New Topic
Index
Search
Changes
Notifications
Statistics
Preferences
User Pages
Main Page
Policies
Monitoring Storage Space
Monitoring Slurm Usage
Physics Groups
Steering Board Meetings
Admin Pages
AdminArea
Cluster Specs
Home
Site map
CmsTier3 web
LCGTier2 web
PhaseC web
Main web
Sandbox web
TWiki web
CmsTier3 Web
Create New Topic
Index
Search
Changes
Notifications
RSS Feed
Statistics
Preferences
P
View
Raw View
Print version
Find backlinks
History
More topic actions
Edit
Raw edit
Attach file or image
Edit topic preference settings
Set new parent
More topic actions
Account
Log In
E
dit
A
ttach
Copyright © 2008-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki?
Send feedback