hidden:Install new certificates on HPSS GridFTP servers: Difference between revisions

Revision as of 14:49, 24 August 2016

HPSS GridFTP servers:archive-sftp-01/02.lsdf.kit.edu
Here is an example for archive-sftp-02.lsdf.kit.edu

change the umask temporarily
only the root user has to have access on these files !!!
[root@archive-sftp-02 grid-security]# umask 0066
put the new .p12 cert on this machine in /etc/grid-security: ex. archive-sftp-01.lsdf.kit.edu.07.07.2016.p12' 
[root@archive-sftp-02 grid-security]# cd /etc/grid-security
[root@archive-sftp-02 grid-security]# pwd
/etc/grid-security
[root@archive-sftp-02 grid-security]# mv hostcert.pem
hostcert.pem.old.06.07.2016
[root@archive-sftp-02 grid-security]# mv hostkey.pem
hostkey.pem.old.06.07.2016
Extract the new hostcert:
[root@archive-sftp-02 grid-security]# openssl pkcs12 -clcerts -nokeys -in archive-sftp-02.lsdf.kit.edu.07.07.2102.p12 -out hostcert.pem
Enter Import Password:
MAC verified OK
Extract the new hostkey:
[root@archive-sftp-02 grid-security]# openssl pkcs12 -nocerts -nodes -in archive-sftp-02.lsdf.kit.edu.07.07.2102.p12 -out hostkey.pem
Enter Import Password: 
MAC verified OK
[root@archive-sftp-02 grid-security]# ls -al
-rw-------   1 root   root    1789 Jul  6 16:54 hostcert.pem
-rw-------   1 root   root    1891 Jul  6 16:55 hostkey.pem
[root@archive-sftp-02 grid-security]# umask 0022

@@ Line 1: / Line 1: @@
  HPSS GridFTP servers:archive-sftp-01/02.lsdf.kit.edu
  Here is an example for archive-sftp-02.lsdf.kit.edu
+ '''change the umask temporarily'''
+ '''only the root user has to have access on these files !!!'''
  [root@archive-sftp-02 grid-security]# umask 0066
  '''put the new .p12 cert on this machine in /etc/grid-security: ex. archive-sftp-01.lsdf.kit.edu.07.07.2016.p12''''

hidden:Install new certificates on HPSS GridFTP servers: Difference between revisions

Revision as of 14:49, 24 August 2016

Navigation menu

Page actions

Page actions

Personal tools

Navigation

Search

Tools