LHCBb VOBOX
From PDP/Grid Wiki
Revision as of 10:18, 1 April 2015 by Dennisvd@nikhef.nl (talk | contribs) (Created page with "The VO BOX for LHCb (kot) requires an e-science host certificate, that can be used by LHCb for running a dirac service. Note that the certificate has voboxlhcb.nikhef.nl as a...")
The VO BOX for LHCb (kot) requires an e-science host certificate, that can be used by LHCb for running a dirac service.
Note that the certificate has voboxlhcb.nikhef.nl as a DNS alternative name.
The normal installation procedure will place hostcert.pem and hostkey.pem in /etc/grid-security/certificates/, owned by root with read permissions on the key for root only.
In order for LHCb to use a newly installed certificate, a file ACL should be set so the sgmlhcb user can also read the key.
setfacl -m user:sgmlhcb:r-- /etc/grid-security/hostkey.pem