CA certificates
Jump to navigation
Jump to search
/!\ This is obsoleted by this page
Procedure to upgrade the CA certificate BEgrid wide
- Login in ccq3 (or any BEgrid quattor client)
- Make repository if not yet the existing:
mkdir CA-cert
- run as root:
cd CA-cert /opt/CB5/tmp/src/begrid/cb-client/cb-client-swrep/swrep.py --mode ca
- This command will fill CA rpms in swrep and create a new cas.tpl file and a new repository/cb-noarch_gridca.tpl
- This is confirmed by the following output message:
Writing file cas.tpl Updated repository file should be in directory repository.
- Replace cfg/grid/glite-3.0.0/common/security/cas.tpl and cfg/grid/glite-3.1/common/security/cas.tpl by the newly generated cas.tpl
- Replace cfg/sites/begrid/repository/cb-noarch_gridca.tpl by repository/cb-noarch_gridca.tpl newly generated
- Do all this for CB5 and CB6 (will be needed for CB6 in the future)
- Commit on svn and deploy with runcheck
- Announce to other BEgrid sites by sending an e-mail. You can this e-mail template.
To: "BEgrid-Tech" <begrid-tech@lists.belnet.be> Subject: New CA rpms (based on IGTF 1.24-1) Message: Hi all, New CA certificates (version 1.24) have been added to the BEgrid central repository. Please run ./runcheck to deploy them at your site. Regards, IIHE Grid Team
New procedure to upgrade the CA certificate BEgrid wide
First, you have to put the new RPMs on our Quattor repository :
[root@ccq ~]# ssh quattorrepository.begrid.be [root@quattorrepository ~]# cd /data/html/begrid/Central_BEGrid_Repository/noarch_gridca [root@quattorrepository ~]# wget -r -np -nH --cut-dirs=6 -R index.html http://repository.egi.eu/sw/production/cas/1/current/RPMS.production/
To update accordingly the repo templates in SVN, use the Ant target "update.rep.templates" in Eclipse.
Then, you still have to update the cas.tpl and ca-policy-egi-core.tpl templates, using the content of http://repository.egi.eu/sw/production/cas/1/current/meta/ca-policy-egi-core.tpl :
*CB5 : trunk/cfg/grid/glite-3.0.0/common/security/cas.tpl trunk/cfg/grid/glite-3.1/common/security/cas.tpl *CB6 : trunk/cfg/grid/glite-3.2/common/security/cas.tpl trunk/cfg/standard/security/ca-policy-egi-core.tpl *CB8 : trunk/cfg/standard/security/ca-policy-egi-core.tpl