Configuring Apache server configuration file providing SSL support

1) Get a host certificate

  • If it is your personal machine:
    • Go to http://ca.cern.ch, sign in with your user certificate and request a host certificate. Server certificate and server private key will be generated.
    • Put the server certificate and server private key in /etc/grid-security/
  • If it is in the dashboard cluster, ask the dashboard admin. The admin will do 'host-certificate-request' from lxvoadm
2) Run as root:

yum install ca_CERN-Root

3) As a root, modify the file /etc/httpd/conf.d/ssl.conf to point to your certificate. In particular you need to have the following lines:

SSLCertificateFile /etc/grid-security/yourcertificate.pem

SSLCertificateKeyFile /etc/grid-security/privkey.pem

SSLCACertificatePath /etc/grid-security/certificates

Check to see if it is working at this point. If you have problems you might need to perform the following additional steps:

1. Verify the certificate chains:

openssl verify -CApath /etc/grid-security/certificates/ /etc/grid-security/certificate.pem

You might need to verify your user certificate as well. If you get "error 20 at 0 depth lookup" error, you can go to /afs/cern.ch/alice/alien2/pro/globus/share/certificates/ and copy the necessary files into /etc/grid-security/certificates/.

2. Add the following line (if it's not there already) to the ssl.conf file.

SSLOptions +StdEnvVars +ExportCertData

-- PabloSaiz - 20-Jul-2010

Edit | Attach | Watch | Print version | History: r2 < r1 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r2 - 2012-02-03 - PabloSaiz
 
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    ArdaGrid All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2022 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
or Ideas, requests, problems regarding TWiki? use Discourse or Send feedback