hidden:Install new certificates on HPSS GridFTP servers

From Lsdf
HPSS GridFTP servers: archive-sftp-01/02.lsdf.kit.edu
Here is an example for archive-sftp-02.lsdf.kit.edu.
Change the umask temporarily
Only the owner may have access to these files!
[root@archive-sftp-02 grid-security]# umask 0066
The umask does not apply to files copied in with scp, so it is better to chmod 700 grid-security
[root@archive-sftp-02 grid-security]# chmod 700 /etc/grid-security

Put the new .p12 certificate on this machine in /etc/grid-security, e.g. archive-sftp-01.lsdf.kit.edu.07.07.2016.p12
[root@archive-sftp-02 grid-security]# cd /etc/grid-security
[root@archive-sftp-02 grid-security]# pwd
/etc/grid-security
[root@archive-sftp-02 grid-security]# chmod 600 archive-sftp-01.lsdf.kit.edu.07.07.2016.p12
[root@archive-sftp-02 grid-security]# rm hostcert.pem 
[root@archive-sftp-02 grid-security]# rm hostkey.pem 
Extract the new hostcert:
[root@archive-sftp-02 grid-security]# openssl pkcs12 -clcerts -nokeys -in archive-sftp-02.lsdf.kit.edu.07.07.2102.p12 -out hostcert.pem
Enter Import Password:
MAC verified OK
Extract the new hostkey:
[root@archive-sftp-02 grid-security]# openssl pkcs12 -nocerts -nodes -in archive-sftp-02.lsdf.kit.edu.07.07.2102.p12 -out hostkey.pem
Enter Import Password: 
MAC verified OK
[root@archive-sftp-02 grid-security]# ls -al
-rw-------   1 root   root    1789 Jul  6 16:54 hostcert.pem
-rw-------   1 root   root    1891 Jul  6 16:55 hostkey.pem
Make a copy of hostcert and hostkey for the backend and frontend GridFTP servers
cp hostcert.pem hostcert_archive-sftp-02.lsdf.kit.edu_backend.pem
cp hostcert.pem hostcert_archive-sftp-02.lsdf.kit.edu_frontend.pem
cp hostkey.pem hostkey_archive-sftp-02.lsdf.kit.edu_backend.pem
cp hostkey.pem hostkey_archive-sftp-02.lsdf.kit.edu_frontend.pem
Restore the umask
[root@archive-sftp-02 grid-security]# umask 0022
Restore the original permissions for grid-security
[root@archive-sftp-02 grid-security]# chmod 766 /etc/grid-security
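
The checks below are an added example, not part of the original procedure. After extraction they confirm that hostkey.pem belongs to hostcert.pem, that the certificate names this server and not the other one, that it is not about to expire, and that the key is owner-only. The function names and the 30-day threshold are assumptions, and GNU stat is assumed.

```shell
#!/bin/bash
# Added example (not from the original page): checks to run after extracting
# hostcert.pem and hostkey.pem. Function names are hypothetical.

# True when the certificate and the private key carry the same public key.
cert_matches_key() {
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True when the certificate names the given host (guards against unpacking
# the .p12 that belongs to the other server).
cert_names_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q "does match certificate"
}

# True when the certificate is still valid "$2" days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# True when the file mode is exactly "$2" (GNU stat assumed).
mode_is() {
    [ "$(stat -c %a "$1" 2>/dev/null)" = "$2" ]
}

# Run all checks on a directory; prints one line per failed check.
check_host_credential() {
    local dir=$1 host=$2 rc=0
    cert_matches_key "$dir/hostcert.pem" "$dir/hostkey.pem" || { echo "FAIL: key does not match certificate"; rc=1; }
    cert_names_host "$dir/hostcert.pem" "$host" || { echo "FAIL: certificate is not for $host"; rc=1; }
    cert_valid_for_days "$dir/hostcert.pem" 30 || { echo "FAIL: certificate expires within 30 days"; rc=1; }
    mode_is "$dir/hostkey.pem" 600 || { echo "FAIL: hostkey.pem mode is not 600"; rc=1; }
    return $rc
}

# Usage on the server:
#   check_host_credential /etc/grid-security archive-sftp-02.lsdf.kit.edu
```

Run it before the frontend and backend copies are made, so that a mismatched or wrong-host credential is not duplicated.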


