Difference between revisions of "Tools/Manuals/TS14"

From EGIWiki
(Location and ownership of copies)
Line 1: Line 1:
 +
{{Template:Op menubar}}
 +
{{Template:Doc_menubar}}
 +
[[Category:Operations Manuals]]
 
{{TOC_right}}
 
{{TOC_right}}
[[Category:FAQ]]
 
 
------
 
------
 
Back to [[Tools/Manuals/SiteProblemsFollowUp|Troubleshooting Guide]]
 
Back to [[Tools/Manuals/SiteProblemsFollowUp|Troubleshooting Guide]]

Revision as of 12:40, 23 November 2012



Host certificate update

Introduction

Updating the host certificate in /etc/grid-security is not always sufficient: some services run from their own copy of the certificate, made when they were started, and that copy has to be updated as well. Some services also need to be restarted when their certificate changes.

This page gives some examples.

Location and ownership of copies

Copies of the host certificate and key generally have the following permissions: 644 for the public key (the certificate) and 600 for the private key. Each copy is owned by the account the service runs as, as the listings below show.

  • FTS
-rw-r--r--    1 glite    root         4599 Apr 17 10:47 /etc/grid-security/glite-data-transfer-agents-cert.pem
-r--------    1 glite    root          887 Apr 17 10:47 /etc/grid-security/glite-data-transfer-agents-key.pem
-rw-r--r--    1 tomcat   root         4599 Jan 16 10:57 /etc/grid-security/tomcat-cert.pem
-r--------    1 tomcat   root          887 Jan 16 10:57 /etc/grid-security/tomcat-key.pem
  • LFC
-rw-r--r--    1 lfcmgr   lfcmgr       4689 May 30  2006 /etc/grid-security/lfcmgr/lfccert.pem
-r--------    1 lfcmgr   lfcmgr        902 May 30  2006 /etc/grid-security/lfcmgr/lfckey.pem
  • VOMS
-rw-r--r--    1 tomcat   root         4624 Mar 27 15:45 /etc/grid-security/tomcat-cert.pem
-r--------    1 tomcat   root          891 Mar 27 15:45 /etc/grid-security/tomcat-key.pem
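
A check to run after replacing the host certificate, to find service copies that still hold the old certificate or key or that have looser permissions than described above. This is an added example, not part of the original manual; it assumes the master files are named hostcert.pem and hostkey.pem, that GNU stat is available, and it covers only the copy paths listed above.

```bash
#!/bin/bash
# Added example: audit service copies of the host certificate after a renewal.
# Assumption: master files are hostcert.pem and hostkey.pem (names not on the page).

# check_copy MASTER COPY MASK
# Echoes one of: ok | missing | stale | mode:<octal>.
# MASK is the set of forbidden permission bits in octal:
# 022 for a certificate (644 passes), 077 for a key (600 and 400 pass).
check_copy() {
    local master=$1 copy=$2 mask=$3 mode
    [ -e "$copy" ] || { echo missing; return 0; }
    cmp -s "$master" "$copy" || { echo stale; return 0; }
    mode=$(stat -c %a "$copy")            # GNU stat, e.g. "644"
    [ $(( 0$mode & 0$mask )) -eq 0 ] || { echo "mode:$mode"; return 0; }
    echo ok
}

# audit_copies [DIR]
# Checks every copy location listed on the page under DIR (default /etc/grid-security).
# Prints "<status> <owner> <path>" for each copy that exists; returns 1 if any is not ok.
audit_copies() {
    local dir=${1:-/etc/grid-security} rc=0 pair cert key f status master mask
    for pair in \
        glite-data-transfer-agents-cert.pem:glite-data-transfer-agents-key.pem \
        tomcat-cert.pem:tomcat-key.pem \
        lfcmgr/lfccert.pem:lfcmgr/lfckey.pem
    do
        cert=$dir/${pair%%:*}; key=$dir/${pair##*:}
        for f in "$cert" "$key"; do
            if [ "$f" = "$cert" ]; then master=$dir/hostcert.pem mask=022
            else master=$dir/hostkey.pem mask=077; fi
            status=$(check_copy "$master" "$f" "$mask")
            [ "$status" = missing ] && continue   # service not installed on this host
            [ "$status" = ok ] || rc=1
            echo "$status $(stat -c %U "$f") $f"
        done
    done
    return $rc
}

# Usage (as root, so the key copies are readable): audit_copies /etc/grid-security
```

A `stale` line means that service is still holding the previous certificate or key.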

Examples of services to be restarted

  • FTS
    • tomcat
    • transfer-agents
  • LCG-CE
    • gatekeeper
  • LFC
    • Nothing to restart
  • MyProxy
    • Nothing to restart
  • VOMS
    • tomcat
    • gLite
    • if the certificate DN changes: the DN is registered in the VOMS database, so you need to update it there:
   $ mysql -h <DB_HOST> -u <DB_USER> -p
   mysql> use voms_<VO name>;
   mysql> update admins set dn="<new DN>" where dn like "%<old DN>%";
   mysql> exit