Difference between revisions of "hidden:Install new certificates on HPSS GridFTP servers"

 
(22 intermediate revisions by the same user not shown)
Line 1: Line 1:
HPSS GridFTP servers:archive-sftp-01/02.lsdf.kit.edu
+
'''HPSS GridFTP servers:archive-sftp-01/02.lsdf.kit.edu'''
  +
'''Here is an example for archive-sftp-02.lsdf.kit.edu'''
   
  +
'''Change the umask temporarily'''
[root@archive-sftp-02 grid-security]# mv hostcert.pem
 
  +
'''only the owner has to have access on these files !!!'''
hostcert.pem.old.06.07.2016
 
[root@archive-sftp-02 grid-security]# mv hostkey.pem
+
[root@archive-sftp-02 grid-security]# umask 0066
  +
'''umask does not work with scp, better chmod 700 grid-security'''
hostkey.pem.old.06.07.2016
 
  +
[root@archive-sftp-02 grid-security]#chmod 700 grid-security
  +
  +
  +
'''Put the new .p12 cert on this machine in /etc/grid-security: ex. archive-sftp-01.lsdf.kit.edu.07.07.2016.p12''''
  +
[root@archive-sftp-02 grid-security]# cd /etc/grid-security
  +
[root@archive-sftp-02 grid-security]# pwd
  +
/etc/grid-security
  +
[root@archive-sftp-02 grid-security]#chmod 600 archive-sftp-01.lsdf.kit.edu.07.07.2016.p12
  +
[root@archive-sftp-02 grid-security]# rm hostcert.pem
  +
[root@archive-sftp-02 grid-security]# rm hostkey.pem
  +
  +
'''Extract the new hostcert:'''
 
[root@archive-sftp-02 grid-security]# openssl pkcs12 -clcerts -nokeys -in archive-sftp-02.lsdf.kit.edu.07.07.2102.p12 -out hostcert.pem
 
[root@archive-sftp-02 grid-security]# openssl pkcs12 -clcerts -nokeys -in archive-sftp-02.lsdf.kit.edu.07.07.2102.p12 -out hostcert.pem
 
Enter Import Password:
 
Enter Import Password:
 
MAC verified OK
 
MAC verified OK
  +
  +
'''Extract the new hostkey:'''
 
[root@archive-sftp-02 grid-security]# openssl pkcs12 -nocerts -nodes -in archive-sftp-02.lsdf.kit.edu.07.07.2102.p12 -out hostkey.pem
 
[root@archive-sftp-02 grid-security]# openssl pkcs12 -nocerts -nodes -in archive-sftp-02.lsdf.kit.edu.07.07.2102.p12 -out hostkey.pem
 
Enter Import Password:
 
Enter Import Password:
 
MAC verified OK
 
MAC verified OK
[root@archive-sftp-02 grid-security]#
+
[root@archive-sftp-02 grid-security]# ls -al
[root@archive-sftp-02 grid-security]# chmod 600 hostcert.pem
+
-rw------- 1 root root 1789 Jul 6 16:54 hostcert.pem
[root@archive-sftp-02 grid-security]# chmod 600 hostkey.pem
+
-rw------- 1 root root 1891 Jul 6 16:55 hostkey.pem
  +
  +
'''Make a copy of hostcert and hostkey for backend and frontend GridFTP servers'''
  +
cp hostcert.pem hostcert_archive-sftp-02.lsdf.kit.edu_backend.pem
  +
cp hostcert.pem hostcert_archive-sftp-02.lsdf.kit.edu_frontend.pem
  +
cp hostkey.pem hostkey_archive-sftp-02.lsdf.kit.edu_backend.pem
  +
cp hostkey.pem hostkey_archive-sftp-02.lsdf.kit.edu_frontend.pem
  +
  +
'''Restore the umask'''
  +
[root@archive-sftp-02 grid-security]# umask 0022
  +
'''Restore the original permissions for grid-security'''
  +
[root@archive-sftp-02 grid-security]#chmod 755 grid-security
  +
  +
  +
  +
----[[ hidden:HPSS|<small>back to HPPS main page</small>]]
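Review bot: The `.p12` file name is not consistent across the added steps: the bundle is placed and protected as `chmod 600 archive-sftp-01.lsdf.kit.edu.07.07.2016.p12`, while both `openssl pkcs12` commands read `-in archive-sftp-02.lsdf.kit.edu.07.07.2102.p12`, so a reader following the page literally restricts one file and extracts from another. The previous revision appears to have kept the old credentials with `mv hostcert.pem hostcert.pem.old.06.07.2016` and the same for `hostkey.pem`; the new text uses `rm hostcert.pem` / `rm hostkey.pem` before extraction, which leaves no rollback if the import password or the bundle turns out to be wrong. The `chmod 700 grid-security` and `chmod 755 grid-security` lines are shown at a prompt that is already inside `grid-security`, where the relative name would not refer to `/etc/grid-security`; writing `chmod 700 /etc/grid-security` and `chmod 755 /etc/grid-security` would remove the ambiguity. The page also does not say what happens to the `.p12` once `hostkey.pem` has been extracted, and a line on removing it or keeping it at mode 600 would close that gap.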

Latest revision as of 10:06, 18 July 2017

HPSS GridFTP servers:archive-sftp-01/02.lsdf.kit.edu
Here is an example for archive-sftp-02.lsdf.kit.edu
Change the umask temporarily
Only the owner (root) should have access to these files!
[root@archive-sftp-02 grid-security]# umask 0066
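The umask set in this shell does not apply to files copied in with scp, so it is better to also chmod 700 the grid-security directory while the new files are being installed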
[root@archive-sftp-02 grid-security]#chmod 700 grid-security

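Put the new .p12 certificate bundle on this machine in /etc/grid-security, e.g. archive-sftp-01.lsdf.kit.edu.07.07.2016.p12 (the example file names on this page differ between steps; in every command use the name of the file that was actually copied)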
[root@archive-sftp-02 grid-security]# cd /etc/grid-security
[root@archive-sftp-02 grid-security]# pwd
/etc/grid-security
[root@archive-sftp-02 grid-security]#chmod 600 archive-sftp-01.lsdf.kit.edu.07.07.2016.p12
[root@archive-sftp-02 grid-security]# rm hostcert.pem 
[root@archive-sftp-02 grid-security]# rm hostkey.pem 
Extract the new hostcert:
[root@archive-sftp-02 grid-security]# openssl pkcs12 -clcerts -nokeys -in archive-sftp-02.lsdf.kit.edu.07.07.2102.p12 -out hostcert.pem
Enter Import Password:
MAC verified OK
Extract the new hostkey (-nodes writes the private key unencrypted, so hostkey.pem must stay readable by root only):
[root@archive-sftp-02 grid-security]# openssl pkcs12 -nocerts -nodes -in archive-sftp-02.lsdf.kit.edu.07.07.2102.p12 -out hostkey.pem
Enter Import Password: 
MAC verified OK
[root@archive-sftp-02 grid-security]# ls -al
-rw-------   1 root   root    1789 Jul  6 16:54 hostcert.pem
-rw-------   1 root   root    1891 Jul  6 16:55 hostkey.pem
Make copies of hostcert and hostkey for the backend and frontend GridFTP servers (the hostkey copies are private keys as well and need the same 600 permissions):
cp hostcert.pem hostcert_archive-sftp-02.lsdf.kit.edu_backend.pem
cp hostcert.pem hostcert_archive-sftp-02.lsdf.kit.edu_frontend.pem
cp hostkey.pem hostkey_archive-sftp-02.lsdf.kit.edu_backend.pem
cp hostkey.pem hostkey_archive-sftp-02.lsdf.kit.edu_frontend.pem
Restore the umask
[root@archive-sftp-02 grid-security]# umask 0022
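Restore the original permissions for grid-security (first check with ls -l that the .p12 and every hostkey file are mode 600, because the directory becomes readable by all users again)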
[root@archive-sftp-02 grid-security]#chmod 755 grid-security



back to HPSS main page