Difference between revisions of "Requesting or Renewing Host certificates"

From PDP/Grid Wiki
Line 19: Line 19:
 
== 1b) Renewing an existing (valid) host certificate ==
 
== 1b) Renewing an existing (valid) host certificate ==
  
To renew a host certificate, follow the procedure on the [http://ca.dutchgrid.nl/info/rekey Dutchgrid CA website]. Part of this procedure involves downloading and executing a shell script. Executing the script has to be done as user root on server vlaai. Create a new directory /export/perm/share/grid-security/''hostname''/''year'' to hold the new key/certificate pair. Then execute the downloaded script, providing the existing certificate as parameter:
+
To renew a host certificate, follow the procedure on the [http://ca.dutchgrid.nl/info/rekey Dutchgrid CA website]. Part of this procedure involves downloading and executing a shell script. Executing the script has to be done as user root on server vlaai. Create a new directory /export/perm/share/grid-security/''hostname''/''year'' to hold the new key/certificate pair. Then execute the downloaded script, providing the existing certificate as parameter (according to convention, it should be present in the directory corresponding to the previous year) and use options -d to store the output files in the desired directory:
  
 
  # mkdir -p /export/perm/share/grid-security/tbn01/2008
 
  # mkdir -p /export/perm/share/grid-security/tbn01/2008
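Review bot: The clause added to the 1b) paragraph says "use options -d" although only one option is named, so "use option -d" would read better. The same clause only states the convention that the existing certificate sits in the previous year's directory; consider adding what to pass when it is stored elsewhere.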
Line 25: Line 25:
 
  # ls -l ../2007/usercert.pem
 
  # ls -l ../2007/usercert.pem
 
  -rw-r--r-- 1 root root 5146 Jan 30  2007 ../2007/usercert.pem
 
  -rw-r--r-- 1 root root 5146 Jan 30  2007 ../2007/usercert.pem
 +
# dca-rekey-pack.sh -d . ../2007/usercert.pem
  
 +
This will create a few files, including one called userkey.pem
  
 +
Complete the administrative procedure as described on the CA web page and continue with step 2).
  
 
== 2) Installing the key/certificate pair on the host ==
 
== 2) Installing the key/certificate pair on the host ==
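Review bot: The added command line calls dca-rekey-pack.sh without a path, which only works if the downloaded script is executable and on root's PATH; say where the script was saved or invoke it with an explicit path. The added sentence about userkey.pem could also state the file permissions expected on the new key, since the listing just above it shows usercert.pem as world-readable.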

Revision as of 15:31, 7 November 2008

This guide describes how to request a new host certificate or renew an existing one, and what to do with the new/renewed certificate.

If the host already has a valid certificate, skip step 1a) and continue with step 1b).


1a) Request a new host certificate

To request a new host certificate, follow the procedure on the Dutchgrid CA website. Part of this procedure involves downloading and executing a shell script. Executing the script has to be done as user root on server vlaai, in directory /export/perm/share/grid-security/hostname/year (which should probably be created first!). For example, for host graszode in year 2008:

# mkdir -p /export/perm/share/grid-security/graszode/2008
# cd /export/perm/share/grid-security/graszode/2008
# sh ./makerequest.sh .


This will create a few files, including one called userkey.pem

Complete the administrative procedure as described on the CA web page and continue with step 2).

1b) Renewing an existing (valid) host certificate

To renew a host certificate, follow the procedure on the Dutchgrid CA website. Part of this procedure involves downloading and executing a shell script. The script has to be executed as user root on server vlaai. Create a new directory /export/perm/share/grid-security/hostname/year to hold the new key/certificate pair. Then execute the downloaded script, providing the existing certificate as the parameter (according to convention, it should be present in the directory corresponding to the previous year), and use the -d option to store the output files in the desired directory:

# mkdir -p /export/perm/share/grid-security/tbn01/2008
# cd /export/perm/share/grid-security/tbn01/2008
# ls -l ../2007/usercert.pem
-rw-r--r-- 1 root root 5146 Jan 30  2007 ../2007/usercert.pem
# dca-rekey-pack.sh -d . ../2007/usercert.pem

This will create a few files, including one called userkey.pem

Complete the administrative procedure as described on the CA web page and continue with step 2).
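
The checks below are an added example, not part of this wiki page or of the Dutchgrid CA scripts. They cover the conditions step 1b) relies on: the previous year's certificate exists and is still valid, and the new userkey.pem is not readable by group or others. The function names are hypothetical and openssl is assumed to be installed.

```shell
#!/bin/sh
# Added example: sanity checks around the rekey step in 1b).
# The directory layout comes from the page; function names are hypothetical.

BASE=${BASE:-/export/perm/share/grid-security}

# Print the path of the certificate to renew. By the page's convention this is
# usercert.pem in the previous year's directory. Fails if the file is missing.
prev_cert() {  # usage: prev_cert HOST YEAR
    cert="$BASE/$1/$(( $2 - 1 ))/usercert.pem"
    [ -f "$cert" ] || { echo "no certificate at $cert" >&2; return 1; }
    printf '%s\n' "$cert"
}

# Succeed only if the certificate parses and has not expired yet.
# Step 1b) needs a valid certificate; otherwise step 1a) applies.
cert_still_valid() {  # usage: cert_still_valid CERT
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# Succeed only if the key file exists and has no group/other permission bits.
key_is_private() {  # usage: key_is_private KEYFILE
    [ -f "$1" ] || return 1
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Before running dca-rekey-pack.sh: print the certificate to pass to it.
pre_rekey_check() {  # usage: pre_rekey_check HOST YEAR
    old=$(prev_cert "$1" "$2") || return 1
    cert_still_valid "$old" || {
        echo "$old is expired or unreadable: use step 1a) instead" >&2
        return 1
    }
    printf '%s\n' "$old"
}

# After dca-rekey-pack.sh has finished: check the newly created private key.
post_rekey_check() {  # usage: post_rekey_check HOST YEAR
    key_is_private "$BASE/$1/$2/userkey.pem" || {
        echo "userkey.pem missing or accessible by group/others" >&2
        return 1
    }
}
```

For the example on this page, `pre_rekey_check tbn01 2008` prints the 2007 certificate path to hand to dca-rekey-pack.sh, and `post_rekey_check tbn01 2008` is run once the script has finished.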

2) Installing the key/certificate pair on the host