CA certificates

From T2B Wiki
Jump to navigation Jump to search

/!\ This is obsoleted by this page


Procedure to upgrade the CA certificate BEgrid wide

  • Login in ccq3 (or any BEgrid quattor client)
  • Make repository if not yet the existing:
mkdir CA-cert
  • run as root:
cd CA-cert
/opt/CB5/tmp/src/begrid/cb-client/cb-client-swrep/swrep.py --mode ca
  • This command will fill CA rpms in swrep and create a new cas.tpl file and a new repository/cb-noarch_gridca.tpl
  • This is confirmed by the following output message:
Writing file cas.tpl
Updated repository file should be in directory repository.
  • Replace cfg/grid/glite-3.0.0/common/security/cas.tpl and cfg/grid/glite-3.1/common/security/cas.tpl by the newly generated cas.tpl
  • Replace cfg/sites/begrid/repository/cb-noarch_gridca.tpl by repository/cb-noarch_gridca.tpl newly generated
  • Do all this for CB5 and CB6 (will be needed for CB6 in the future)
  • Commit on svn and deploy with runcheck
  • Announce to other BEgrid sites by sending an e-mail. You can this e-mail template.
To: "BEgrid-Tech" <begrid-tech@lists.belnet.be>
Subject: New CA rpms (based on IGTF 1.24-1)
Message: 
Hi all,

New CA certificates (version 1.24) have been added to the BEgrid central 
repository. Please run ./runcheck to deploy them at your site.

Regards,
IIHE Grid Team

New procedure to upgrade the CA certificate BEgrid wide

First, you have to put the new RPMs on our Quattor repository : 

[root@ccq ~]# ssh quattorrepository.begrid.be
[root@quattorrepository ~]# cd /data/html/begrid/Central_BEGrid_Repository/noarch_gridca
[root@quattorrepository ~]# wget -r -np -nH --cut-dirs=6 -R index.html http://repository.egi.eu/sw/production/cas/1/current/RPMS.production/

To update accordingly the repo templates in SVN, use the Ant target "update.rep.templates" in Eclipse.

Then, you still have to update the cas.tpl and ca-policy-egi-core.tpl templates, using the content of http://repository.egi.eu/sw/production/cas/1/current/meta/ca-policy-egi-core.tpl : 

*CB5 :
trunk/cfg/grid/glite-3.0.0/common/security/cas.tpl
trunk/cfg/grid/glite-3.1/common/security/cas.tpl
*CB6 :
trunk/cfg/grid/glite-3.2/common/security/cas.tpl
trunk/cfg/standard/security/ca-policy-egi-core.tpl
*CB8 :
trunk/cfg/standard/security/ca-policy-egi-core.tpl


Template:TracNotice

Retrieved from ‘https://t2bwiki.iihe.ac.be/index.php?title=CA_certificates&oldid=638