Procedure to renew certificates for VOMS nodes

Login to one of voms production nodes and generate a signed hostcert from the key. The subject should be voms2.cern.ch or lcg-voms2.cern.ch depending on which alias the node is a member of.

certmgr-getcert -n voms2.cern.ch  -k /etc/grid-security/hostkey.pem --kinit <USER_NAME> |tee hostcert.pem

 tbag set --hg lcgvoms/service/admin/voms2 --file hostkey.pem voms_hostkey
 tbag set --hg lcgvoms/service/admin/voms2 --file hostcert.pem voms_hostcert

In this example we are renewing for voms.cern.ch an identical procedure can be done for lcg-voms.cern.ch

Puppet when it next runs will copy keys and restart the service.

Edit | Attach | Watch | Print version | History: r5 < r4 < r3 < r2 < r1 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r5 - 2016-03-29 - SteveTraylen
 
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    LCG All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2019 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback