Difference between revisions of "Tools/Manuals/TS14"
Revision as of 13:40, 23 November 2012
Host certificate update
Introduction
Updating the host certificate in /etc/grid-security is not always sufficient: some services have their own copy of this certificate, which they started with, and some services need to be restarted when their certificate changes.
This page gives some examples.
Location and ownership of copies
Copies of the host certificate and key generally have the following permissions: 644 for the public key (the certificate) and 600 for the private key.
- FTS
    -rw-r--r-- 1 glite root 4599 Apr 17 10:47 /etc/grid-security/glite-data-transfer-agents-cert.pem
    -r-------- 1 glite root 887 Apr 17 10:47 /etc/grid-security/glite-data-transfer-agents-key.pem
    -rw-r--r-- 1 tomcat root 4599 Jan 16 10:57 /etc/grid-security/tomcat-cert.pem
    -r-------- 1 tomcat root 887 Jan 16 10:57 /etc/grid-security/tomcat-key.pem
- LFC
    -rw-r--r-- 1 lfcmgr lfcmgr 4689 May 30 2006 /etc/grid-security/lfcmgr/lfccert.pem
    -r-------- 1 lfcmgr lfcmgr 902 May 30 2006 /etc/grid-security/lfcmgr/lfckey.pem
- VOMS
    -rw-r--r-- 1 tomcat root 4624 Mar 27 15:45 /etc/grid-security/tomcat-cert.pem
    -r-------- 1 tomcat root 891 Mar 27 15:45 /etc/grid-security/tomcat-key.pem
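One way to detect the stale copies described in the introduction and to verify the permissions and ownership listed above, as an added example that is not part of the original manual. It assumes the master pair is named hostcert.pem and hostkey.pem in the same directory and that GNU stat is available; the function names and the AUDIT_DIR variable are hypothetical.

```shell
#!/bin/sh
# Added example: audit service copies of the grid host certificate and key.
# Assumption: the master pair is hostcert.pem / hostkey.pem in the directory.

# check_copy MASTER COPY OWNER KIND   (KIND is "cert" or "key")
# Prints one line per finding; returns 0 when the copy is clean.
check_copy() {
    master=$1 copy=$2 owner=$3 kind=$4 rc=0
    [ -e "$copy" ] || { echo "MISSING $copy"; return 1; }
    # A stale copy means the service still holds the old certificate.
    cmp -s "$master" "$copy" || { echo "STALE $copy differs from $master"; rc=1; }
    mode=$(stat -c %a "$copy")      # GNU stat syntax (Linux)
    case $kind:$mode in
        cert:644) ;;
        key:[0-7]00) ;;             # 600 per the text, 400 in the listings
        *) echo "MODE $copy is $mode"; rc=1 ;;
    esac
    actual=$(stat -c %U "$copy")
    [ "$actual" = "$owner" ] || { echo "OWNER $copy is $actual, expected $owner"; rc=1; }
    return $rc
}

# audit_copies DIR: read "relative-path owner kind" lines on stdin.
audit_copies() {
    dir=$1 fail=0
    while read -r rel own k; do
        [ -n "$rel" ] || continue
        case $k in cert) m=$dir/hostcert.pem ;; *) m=$dir/hostkey.pem ;; esac
        check_copy "$m" "$dir/$rel" "$own" "$k" || fail=1
    done
    return $fail
}

# Copies and owners taken from the FTS listing on this page.
fts_table() {
    cat <<'EOF'
glite-data-transfer-agents-cert.pem glite cert
glite-data-transfer-agents-key.pem glite key
tomcat-cert.pem tomcat cert
tomcat-key.pem tomcat key
EOF
}

# Runs only when AUDIT_DIR is set, e.g. AUDIT_DIR=/etc/grid-security sh audit.sh
if [ -n "${AUDIT_DIR:-}" ]; then
    fts_table | audit_copies "$AUDIT_DIR" && echo "all copies current"
fi
```

A STALE finding after a certificate renewal means the copy must be refreshed and the owning service restarted, as listed in the next section.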
Examples of services to be restarted
- FTS
    - tomcat
    - transfer-agents
- LCG-CE
    - gatekeeper
- LFC
    - Nothing to restart
- MyProxy
    - Nothing to restart
- VOMS
    - tomcat
    - gLite
    - in case of change of certificate DN - the DN is registered in the VOMS database, so you need to update it:
        $ mysql -h <DB_HOST> -u <DB_USER> -p
        mysql> use voms_<VO name>;
        mysql> update admins set dn="<new DN>" where dn like "%<old DN>%";
        mysql> exit