Whole site: Host certificate update
Introduction
Updating the host certificate in /etc/grid-security is not always sufficient: some services have a copy of this certificate which they started with. It is therefore necessary to update those copies and restart these services.
For an
automatic update using the YAIM configuration tool:
- update host certificates under /etc/grid-security directory
- reconfigure the whole node using YAIM, not forgetting to use all services (node-types) that need to be mentioned as arguments of the command line.
For a
manual configuration please follow the advices bellow:
- find all locations where you have put copies of the host cert & key files
- ensure the right ownership and permissions are maintained
- restart specific services
List of known paths and ownerships for individual services:
This will help in case paths have changes between different versions of the same service or they are different between different services. For example you can find also: tomcat-cert.pem & tomcat-key.pem
Please find bellow details for specific services:
Services to be restarted
CREAM-CE
- tomcat5 for SL5
- tomcat6 for SL6
- globus-gridftp
- glite-lb-locallogger
lcg-CE
- globus-gatekeeper
- globus-gridftp
- storm-backend, storm-frontend, storm-checksum
- globus-gridftp
SE DPM
- dpm, dpmcopyd, dpm-gsiftp, dpm-httpd, dpnsdaemon
- srmv1, srmv2, srmv2.2
- globus-gridftp
VOMS
WMS