From EGIWiki
Jump to: navigation, search
Main operations services Support Documentation Tools Activities Performance Technology Catch-all Services Resource Allocation Security

Documentation menu: Home Manuals Procedures Training Other Contact For: VO managers Administrators


Back to Troubleshooting Guide

Host certificate update


Updating the host certificate in /etc/grid-security is not always sufficient: some services have a copy of this certificate which they started with. It is therefore necessary to update those copies and restart these services.

For an automatic update using the YAIM configuration tool:

For a manual configuration please follow the advices bellow:

Location and ownership of copies

locate key.pem

This will help in case paths have changes between different versions of the same service or they are different between different services. For example you can find also: tomcat-cert.pem & tomcat-key.pem

# ll /etc/grid-security/*.pem
-rw-r--r-- 1 root   root 1428 Oct 22 10:19 /etc/grid-security/hostcert.pem
-r-------- 1 root   root  887 Oct 22 10:19 /etc/grid-security/hostkey.pem
-rw-r--r-- 1 tomcat root 1428 Nov 12 16:01 /etc/grid-security/tomcat-cert.pem
-r-------- 1 tomcat root  887 Nov 12 16:01 /etc/grid-security/tomcat-key.pem

and, depending on the glite user home directory:

# ll /var/glite/.certs/*.pem
-rw-r--r-- 1 glite glite 1419 Dec 13 12:00 /var/glite/.certs/hostcert.pem
-r-------- 1 glite glite 887 Dec 5 16:59 /var/glite/.certs/hostkey.pem 


# ll /home/glite/.certs/*.pem
-rw-r--r-- 1 glite glite 1428 Dec 13 12:00 /home/glite/.certs/hostcert.pem
-r-------- 1 glite glite  887 Nov 12 16:03 /home/glite/.certs/hostkey.pem 
-rw-r--r--    1 glite    root         4599 Apr 17 10:47 
-r--------    1 glite    root          887 Apr 17 10:47 
-rw-r--r--    1 tomcat   root         4599 Jan 16 10:57 /etc/grid-security/tomcat-cert.pem
-r--------    1 tomcat   root          887 Jan 16 10:57 /etc/grid-security/tomcat-key.pem
 -rw-r--r--    1 lfcmgr   lfcmgr       4689 May 30  2006 /etc/grid-security/lfcmgr/lfccert.pem
 -r--------    1 lfcmgr   lfcmgr        902 May 30  2006 /etc/grid-security/lfcmgr/lfckey.pem

Examples of services to be restarted

 $ mysql -h <DB_HOST> -u <DB_USER> -p
 mysql> use voms_<VO name>;
 mysql> update admins set dn="<new DN>" where dn like "%<old DN>%";
 mysql> exit

Revision History

Version Authors Date Comments
Alessandro Paolini 2017-10-30 updated the VOMS information
Personal tools