hidden:Install new certificates on HPSS GridFTP servers: Difference between revisions

From Lsdf
(16 intermediate revisions by the same user not shown)
Line 1: Line 1:
HPSS GridFTP servers:archive-sftp-01/02.lsdf.kit.edu
'''HPSS GridFTP servers:archive-sftp-01/02.lsdf.kit.edu'''
Here is an example for archive-sftp-02.lsdf.kit.edu
'''Here is an example for archive-sftp-02.lsdf.kit.edu'''

'''change the umask temporarily'''
'''Change the umask temporarily'''
'''only the root user has to have access on these files !!!'''
'''only the owner has to have access on these files !!!'''
[root@archive-sftp-02 grid-security]# umask 0066
[root@archive-sftp-02 grid-security]# umask 0066
'''put the new .p12 cert on this machine in /etc/grid-security: ex. archive-sftp-01.lsdf.kit.edu.07.07.2016.p12''''
'''umask does not work with scp, better chmod 700 grid-security'''
[root@archive-sftp-02 grid-security]#chmod 700 grid-security

'''Put the new .p12 cert on this machine in /etc/grid-security: ex. archive-sftp-01.lsdf.kit.edu.07.07.2016.p12''''
[root@archive-sftp-02 grid-security]# cd /etc/grid-security
[root@archive-sftp-02 grid-security]# cd /etc/grid-security
[root@archive-sftp-02 grid-security]# pwd
[root@archive-sftp-02 grid-security]# pwd
/etc/grid-security
/etc/grid-security
[root@archive-sftp-02 grid-security]# mv hostcert.pem
[root@archive-sftp-02 grid-security]#chmod 600 archive-sftp-01.lsdf.kit.edu.07.07.2016.p12
[root@archive-sftp-02 grid-security]# rm hostcert.pem
hostcert.pem.old.06.07.2016
[root@archive-sftp-02 grid-security]# mv hostkey.pem
[root@archive-sftp-02 grid-security]# rm hostkey.pem

hostkey.pem.old.06.07.2016
'''Extract the new hostcert:'''
'''Extract the new hostcert:'''
[root@archive-sftp-02 grid-security]# openssl pkcs12 -clcerts -nokeys -in archive-sftp-02.lsdf.kit.edu.07.07.2102.p12 -out hostcert.pem
[root@archive-sftp-02 grid-security]# openssl pkcs12 -clcerts -nokeys -in archive-sftp-02.lsdf.kit.edu.07.07.2102.p12 -out hostcert.pem
Enter Import Password:
Enter Import Password:
MAC verified OK
MAC verified OK

'''Extract the new hostkey:'''
'''Extract the new hostkey:'''
[root@archive-sftp-02 grid-security]# openssl pkcs12 -nocerts -nodes -in archive-sftp-02.lsdf.kit.edu.07.07.2102.p12 -out hostkey.pem
[root@archive-sftp-02 grid-security]# openssl pkcs12 -nocerts -nodes -in archive-sftp-02.lsdf.kit.edu.07.07.2102.p12 -out hostkey.pem
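Review bot: the revised steps drop the `mv hostcert.pem hostcert.pem.old.06.07.2016` and `mv hostkey.pem hostkey.pem.old.06.07.2016` backups in favour of `rm hostcert.pem` and `rm hostkey.pem`, and they do so before the new files are extracted. A wrong import password or a damaged .p12 then leaves the server with no host credential and nothing to roll back to. Keep the dated `mv`, or extract first and remove the old pair only once the new one is in place. The added `chmod 700 grid-security` is typed at a prompt that is already inside grid-security, so the relative path will not resolve to the directory itself; `chmod 700 /etc/grid-security` does not depend on the working directory. The bundle name also differs between steps: archive-sftp-01.lsdf.kit.edu.07.07.2016.p12 in the copy and `chmod 600` lines, archive-sftp-02.lsdf.kit.edu.07.07.2102.p12 in the `openssl` lines.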
Line 24: Line 29:
-rw------- 1 root root 1789 Jul 6 16:54 hostcert.pem
-rw------- 1 root root 1789 Jul 6 16:54 hostcert.pem
-rw------- 1 root root 1891 Jul 6 16:55 hostkey.pem
-rw------- 1 root root 1891 Jul 6 16:55 hostkey.pem

'''Make a copy of hostcert and hostkey for backend and frontend GridFTP servers'''
cp hostcert.pem hostcert_archive-sftp-02.lsdf.kit.edu_backend.pem
cp hostcert.pem hostcert_archive-sftp-02.lsdf.kit.edu_frontend.pem
cp hostkey.pem hostkey_archive-sftp-02.lsdf.kit.edu_backend.pem
cp hostkey.pem hostkey_archive-sftp-02.lsdf.kit.edu_frontend.pem

'''Restore the umask'''
'''Restore the umask'''
[root@archive-sftp-02 grid-security]# umask 0022
[root@archive-sftp-02 grid-security]# umask 0022
'''Restore the original permissions for grid-security'''
[root@archive-sftp-02 grid-security]#chmod 755 grid-security



----[[ hidden:HPSS|<small>back to HPPS main page</small>]]
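Review bot: the four added `cp` lines bring the number of host key files in /etc/grid-security to three, but the `ls -al` output above them only shows hostcert.pem and hostkey.pem. Repeat `ls -al` after the copies, and before `umask 0022`, so the *_backend.pem and *_frontend.pem files are confirmed as -rw------- as well. `chmod 755 grid-security` is a relative path typed from inside grid-security; `chmod 755 /etc/grid-security` would restore the permissions on the intended directory. The steps also never say whether the imported .p12 stays in /etc/grid-security afterwards; a line on removing or archiving it would close that gap.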

Latest revision as of 10:06, 18 July 2017

HPSS GridFTP servers: archive-sftp-01/02.lsdf.kit.edu
Here is an example for archive-sftp-02.lsdf.kit.edu

Change the umask temporarily
Only the owner may have access to these files!
[root@archive-sftp-02 grid-security]# umask 0066
umask does not work with scp; it is better to chmod 700 grid-security
[root@archive-sftp-02 grid-security]# chmod 700 /etc/grid-security

Put the new .p12 cert on this machine in /etc/grid-security, e.g. archive-sftp-01.lsdf.kit.edu.07.07.2016.p12
[root@archive-sftp-02 grid-security]# cd /etc/grid-security
[root@archive-sftp-02 grid-security]# pwd
/etc/grid-security
[root@archive-sftp-02 grid-security]# chmod 600 archive-sftp-01.lsdf.kit.edu.07.07.2016.p12
[root@archive-sftp-02 grid-security]# rm hostcert.pem
[root@archive-sftp-02 grid-security]# rm hostkey.pem

Extract the new hostcert:
[root@archive-sftp-02 grid-security]# openssl pkcs12 -clcerts -nokeys -in archive-sftp-02.lsdf.kit.edu.07.07.2102.p12 -out hostcert.pem
Enter Import Password:
MAC verified OK

Extract the new hostkey:
[root@archive-sftp-02 grid-security]# openssl pkcs12 -nocerts -nodes -in archive-sftp-02.lsdf.kit.edu.07.07.2102.p12 -out hostkey.pem
Enter Import Password: 
MAC verified OK
[root@archive-sftp-02 grid-security]# ls -al
-rw-------   1 root   root    1789 Jul  6 16:54 hostcert.pem
-rw-------   1 root   root    1891 Jul  6 16:55 hostkey.pem

Make a copy of hostcert and hostkey for backend and frontend GridFTP servers
cp hostcert.pem hostcert_archive-sftp-02.lsdf.kit.edu_backend.pem
cp hostcert.pem hostcert_archive-sftp-02.lsdf.kit.edu_frontend.pem
cp hostkey.pem hostkey_archive-sftp-02.lsdf.kit.edu_backend.pem
cp hostkey.pem hostkey_archive-sftp-02.lsdf.kit.edu_frontend.pem

Restore the umask
[root@archive-sftp-02 grid-security]# umask 0022

Restore the original permissions for grid-security
[root@archive-sftp-02 grid-security]# chmod 755 /etc/grid-security
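
A verify-then-replace variant of the steps above, as an added example that is not part of the original wiki page: it extracts into a staging directory, checks that the key belongs to the certificate, and only then replaces the live pair, instead of running rm first. The function names, the `P12_PASS` variable and the throwaway sample bundle are assumptions constructed for illustration.

```shell
# Succeeds only if the private key belongs to the certificate.
key_matches_cert() {  # usage: key_matches_cert CERT KEY
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Extract cert and key from a PKCS#12 bundle into DESTDIR, replacing the
# live pair only after the new pair has been checked.
install_hostcred() {  # usage: install_hostcred P12 DESTDIR PASSIN
    p12=$1 dest=$2 passin=$3
    old_umask=$(umask)
    umask 077                       # new files are created owner-only
    stage=$(mktemp -d "$dest/.stage.XXXXXX") || { umask "$old_umask"; return 1; }
    rc=1
    if openssl pkcs12 -clcerts -nokeys -in "$p12" -passin "$passin" \
           -out "$stage/hostcert.pem" &&
       openssl pkcs12 -nocerts -nodes -in "$p12" -passin "$passin" \
           -out "$stage/hostkey.pem" &&
       key_matches_cert "$stage/hostcert.pem" "$stage/hostkey.pem"
    then
        chmod 600 "$stage/hostcert.pem" "$stage/hostkey.pem"
        # rename within one filesystem: the old pair stays until this point
        mv -f "$stage/hostcert.pem" "$dest/hostcert.pem" &&
        mv -f "$stage/hostkey.pem" "$dest/hostkey.pem" && rc=0
    fi
    rm -rf "$stage"
    umask "$old_umask"
    return $rc
}

# Constructed sample: throwaway key, self-signed cert and bundle in DIR.
make_sample_p12() {  # usage: make_sample_p12 DIR  (password from $P12_PASS)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=sample.invalid" \
        -keyout "$1/k.pem" -out "$1/c.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/k.pem" -in "$1/c.pem" \
        -passout env:P12_PASS -out "$1/sample.p12"
}

# Demo against a scratch directory standing in for /etc/grid-security.
demo=$(mktemp -d) && mkdir "$demo/grid-security"
export P12_PASS=constructed-demo-password
make_sample_p12 "$demo" &&
    install_hostcred "$demo/sample.p12" "$demo/grid-security" env:P12_PASS &&
    ls -l "$demo/grid-security"
```

On the real host, PASSIN would be a `file:` or `env:` source readable only by root, so the import password never appears on the command line.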