hidden:Install new certificates on HPSS GridFTP servers: Difference between revisions

From Lsdf
Jump to navigationJump to search
No edit summary
No edit summary
Line 2: Line 2:
Here is an example for archive-sftp-02.lsdf.kit.edu
Here is an example for archive-sftp-02.lsdf.kit.edu
'''change the umask temporarily'''
'''Change the umask temporarily'''
'''only the root user has to have access on these files !!!'''
'''only the root user has to have access on these files !!!'''
[root@archive-sftp-02 grid-security]# umask 0066
[root@archive-sftp-02 grid-security]# umask 0066

Revision as of 14:50, 24 August 2016

HPSS GridFTP servers:archive-sftp-01/02.lsdf.kit.edu
Here is an example for archive-sftp-02.lsdf.kit.edu

Change the umask temporarily
only the root user has to have access on these files !!!
[root@archive-sftp-02 grid-security]# umask 0066
put the new .p12 cert on this machine in /etc/grid-security: ex. archive-sftp-01.lsdf.kit.edu.07.07.2016.p12' 
[root@archive-sftp-02 grid-security]# cd /etc/grid-security
[root@archive-sftp-02 grid-security]# pwd
/etc/grid-security
[root@archive-sftp-02 grid-security]# mv hostcert.pem
hostcert.pem.old.06.07.2016
[root@archive-sftp-02 grid-security]# mv hostkey.pem
hostkey.pem.old.06.07.2016
Extract the new hostcert:
[root@archive-sftp-02 grid-security]# openssl pkcs12 -clcerts -nokeys -in archive-sftp-02.lsdf.kit.edu.07.07.2102.p12 -out hostcert.pem
Enter Import Password:
MAC verified OK
Extract the new hostkey:
[root@archive-sftp-02 grid-security]# openssl pkcs12 -nocerts -nodes -in archive-sftp-02.lsdf.kit.edu.07.07.2102.p12 -out hostkey.pem
Enter Import Password: 
MAC verified OK
[root@archive-sftp-02 grid-security]# ls -al
-rw-------   1 root   root    1789 Jul  6 16:54 hostcert.pem
-rw-------   1 root   root    1891 Jul  6 16:55 hostkey.pem
Restore the umask
[root@archive-sftp-02 grid-security]# umask 0022