Grid Host Certificate instruction
- Check if hostname is publicly resolvable. When not, create a Change Task within SNOW and assign it to itsm-network.
- Prepare certificate request
hostname.psi.ch-csr.pem from t3admin02:/root/clusteradmin/etc/grid-ca
tree -P 't3*' clusteradmin/etc/grid-ca
clusteradmin/etc/grid-ca
|-- certs-2020
| |-- t3cmsvobox_psi_ch.crt
| |-- t3dcachedb03_psi_ch.crt
| `-- t3se01_psi_ch.crt
|-- keys
| |-- t3cmsvobox.psi.ch-key.pem
| |-- t3dcachedb03.psi.ch-key.pem
| `-- t3se01.psi.ch-key.pem
`-- requestdir
|-- t3cmsvobox.psi.ch.cfg
|-- t3cmsvobox.psi.ch-csr.pem
|-- t3dcachedb03.psi.ch.cfg
|-- t3dcachedb03.psi.ch-csr.pem
|-- t3se01.psi.ch.cfg
`-- t3se01.psi.ch-csr.pem
by the command like:
# ./create_keys.sh t3se01.psi.ch
Using existing key /root/clusteradmin/etc/grid-ca/keys/t3se01.psi.ch-key.pem for new request
- After you put the request in the system, it will be confirmed by CA administrator and in 1-2 days you will get mail notification with download instruction and be able to download the certificate.
- copy downloaded certificate to the host as
/etc/grid-security/hostcert.pem
- on t3se01 check if the following link exist
hostcert-ssm.pem -> hostcert.pem and hostkey-ssm.pem is readable for apel user
openssl x509 -noout -modulus -in /etc/grid-security/hostcert.pem | openssl md5
openssl rsa -noout -modulus -in /etc/grid-security/hostkey.pem | openssl md5
openssl x509 -subject -in /etc/grid-security/hostcert.pem
openssl x509 -enddate -in /etc/grid-security/hostcert.pem --noout
--
NinaLoktionova - 2020-03-23
interface (with email as login)
pdf 
CmsTier3
CmsTier3 Web
Create New Topic
Index
Search
Changes
Notifications
Statistics
Preferences
Home 
Site map
CmsTier3 web
RSS Feed
Account 
