hidden:Install new certificates on HPSS GridFTP servers: Difference between revisions

From Lsdf
Jump to navigationJump to search
No edit summary
No edit summary
 
(11 intermediate revisions by the same user not shown)
Line 1: Line 1:
HPSS GridFTP servers:archive-sftp-01/02.lsdf.kit.edu
'''HPSS GridFTP servers:archive-sftp-01/02.lsdf.kit.edu'''
Here is an example for archive-sftp-02.lsdf.kit.edu
'''Here is an example for archive-sftp-02.lsdf.kit.edu'''

'''Change the umask temporarily'''
'''Change the umask temporarily'''
'''only the owner has to have access on these files !!!'''
'''only the owner has to have access on these files !!!'''
[root@archive-sftp-02 grid-security]# umask 0066
[root@archive-sftp-02 grid-security]# umask 0066
'''umask does not work with scp, better chmod 700 grid-security'''
[root@archive-sftp-02 grid-security]#chmod 700 grid-security

'''Put the new .p12 cert on this machine in /etc/grid-security: ex. archive-sftp-01.lsdf.kit.edu.07.07.2016.p12''''
'''Put the new .p12 cert on this machine in /etc/grid-security: ex. archive-sftp-01.lsdf.kit.edu.07.07.2016.p12''''
[root@archive-sftp-02 grid-security]# cd /etc/grid-security
[root@archive-sftp-02 grid-security]# cd /etc/grid-security
[root@archive-sftp-02 grid-security]# pwd
[root@archive-sftp-02 grid-security]# pwd
/etc/grid-security
/etc/grid-security
[root@archive-sftp-02 grid-security]# mv hostcert.pem
[root@archive-sftp-02 grid-security]#chmod 600 archive-sftp-01.lsdf.kit.edu.07.07.2016.p12
[root@archive-sftp-02 grid-security]# rm hostcert.pem
hostcert.pem.old.06.07.2016
[root@archive-sftp-02 grid-security]# mv hostkey.pem
[root@archive-sftp-02 grid-security]# rm hostkey.pem

hostkey.pem.old.06.07.2016
'''Extract the new hostcert:'''
'''Extract the new hostcert:'''
[root@archive-sftp-02 grid-security]# openssl pkcs12 -clcerts -nokeys -in archive-sftp-02.lsdf.kit.edu.07.07.2102.p12 -out hostcert.pem
[root@archive-sftp-02 grid-security]# openssl pkcs12 -clcerts -nokeys -in archive-sftp-02.lsdf.kit.edu.07.07.2102.p12 -out hostcert.pem
Enter Import Password:
Enter Import Password:
MAC verified OK
MAC verified OK

'''Extract the new hostkey:'''
'''Extract the new hostkey:'''
[root@archive-sftp-02 grid-security]# openssl pkcs12 -nocerts -nodes -in archive-sftp-02.lsdf.kit.edu.07.07.2102.p12 -out hostkey.pem
[root@archive-sftp-02 grid-security]# openssl pkcs12 -nocerts -nodes -in archive-sftp-02.lsdf.kit.edu.07.07.2102.p12 -out hostkey.pem
Line 24: Line 29:
-rw------- 1 root root 1789 Jul 6 16:54 hostcert.pem
-rw------- 1 root root 1789 Jul 6 16:54 hostcert.pem
-rw------- 1 root root 1891 Jul 6 16:55 hostkey.pem
-rw------- 1 root root 1891 Jul 6 16:55 hostkey.pem

'''Make a copy of hostcert and hostkey for backend and frontend GridFTP servers'''
'''Make a copy of hostcert and hostkey for backend and frontend GridFTP servers'''
cp hostcert.pem hostcert_archive-sftp-02.lsdf.kit.edu_backend.pem
cp hostcert.pem hostcert_archive-sftp-02.lsdf.kit.edu_backend.pem
Line 29: Line 35:
cp hostkey.pem hostkey_archive-sftp-02.lsdf.kit.edu_backend.pem
cp hostkey.pem hostkey_archive-sftp-02.lsdf.kit.edu_backend.pem
cp hostkey.pem hostkey_archive-sftp-02.lsdf.kit.edu_frontend.pem
cp hostkey.pem hostkey_archive-sftp-02.lsdf.kit.edu_frontend.pem

'''Restore the umask'''
'''Restore the umask'''
[root@archive-sftp-02 grid-security]# umask 0022
[root@archive-sftp-02 grid-security]# umask 0022
'''Restore the original permissions for grid-security'''
[root@archive-sftp-02 grid-security]#chmod 755 grid-security



----[[ hidden:HPSS|<small>back to HPPS main page</small>]]

Latest revision as of 10:06, 18 July 2017

HPSS GridFTP servers:archive-sftp-01/02.lsdf.kit.edu
Here is an example for archive-sftp-02.lsdf.kit.edu

Change the umask temporarily
only the owner has to have access on these files !!!
[root@archive-sftp-02 grid-security]# umask 0066
umask does not work with scp, better chmod 700 grid-security
[root@archive-sftp-02 grid-security]#chmod 700 grid-security


Put the new .p12 cert on this machine in /etc/grid-security: ex. archive-sftp-01.lsdf.kit.edu.07.07.2016.p12' 
[root@archive-sftp-02 grid-security]# cd /etc/grid-security
[root@archive-sftp-02 grid-security]# pwd
/etc/grid-security
[root@archive-sftp-02 grid-security]#chmod 600 archive-sftp-01.lsdf.kit.edu.07.07.2016.p12
[root@archive-sftp-02 grid-security]# rm hostcert.pem 
[root@archive-sftp-02 grid-security]# rm hostkey.pem 

Extract the new hostcert:
[root@archive-sftp-02 grid-security]# openssl pkcs12 -clcerts -nokeys -in archive-sftp-02.lsdf.kit.edu.07.07.2102.p12 -out hostcert.pem
Enter Import Password:
MAC verified OK

Extract the new hostkey:
[root@archive-sftp-02 grid-security]# openssl pkcs12 -nocerts -nodes -in archive-sftp-02.lsdf.kit.edu.07.07.2102.p12 -out hostkey.pem
Enter Import Password: 
MAC verified OK
[root@archive-sftp-02 grid-security]# ls -al
-rw-------   1 root   root    1789 Jul  6 16:54 hostcert.pem
-rw-------   1 root   root    1891 Jul  6 16:55 hostkey.pem

Make a copy of hostcert and hostkey for backend and frontend GridFTP servers
cp hostcert.pem hostcert_archive-sftp-02.lsdf.kit.edu_backend.pem
cp hostcert.pem hostcert_archive-sftp-02.lsdf.kit.edu_frontend.pem
cp hostkey.pem hostkey_archive-sftp-02.lsdf.kit.edu_backend.pem
cp hostkey.pem hostkey_archive-sftp-02.lsdf.kit.edu_frontend.pem

Restore the umask
[root@archive-sftp-02 grid-security]# umask 0022
Restore the original permissions for grid-security
[root@archive-sftp-02 grid-security]#chmod 755 grid-security


back to HPPS main page

Retrieved from "https://wiki.scc.kit.edu/lsdf/index.php?title=hidden:Install_new_certificates_on_HPSS_GridFTP_servers&oldid=4907"