Location of certification lists that have to be updated daily:
/afs/cern.ch/lhcb/distribution/production_tools/grid-security.tar.gz
Directory structure for host GRID certificates:
[root@store02 grid-security]# ll /etc/grid-security
drwxr-xr-x 2 root root 20480 Feb 8 11:57 certificates
-rw-r--r-- 1 root root 2435 Feb 8 12:05 hostcert.pem
-r-------- 1 root root 887 Feb 7 15:29 hostkey.pem
Commands to generate certificates:
openssl pkcs12 -export -inkey privkey.pem -in newcert.cer -out myCertificate.pks
openssl pkcs12 -in myCertificate.pks -out /etc/grid-security/hostcert.pem -clcerts -nokeys
privkey.pem is the hostkey.pem file. Should be owned by root with 400 access.
Certification help page at CERN:
http://ca.cern.ch
Machines with host certificates:
--
RaduStoica - 08 Feb 2008