Whole site: Host certificate update
Introduction
Updating the host certificate in /etc/grid-security is not always sufficient: some services have a copy of this certificate which they started with. It is therefore necessary to update those copies and restart these services.
This page tends to sum up services which need to be restarted.
Copies location and rights
Copies of certificate are in general with the following rights:
- 644 for public key (hostcert.pem)
- 600 for the private key (hostkey.pem)
Generally you can easily find the location using locate unix command:
locate hostcert.pem
locate hostkey.pem
but for some services they change the file name like:
- tomcat-cert.pem
- tomcat-key.pem
usually you can find the host certificate and key in /etc/grid-security or in a sub directory named like the services (voms, storm, dpm, ...)
Services to be restarted
CREAM-CE
lcg-CE
- globus-gatekeeper
- globus-gridftp
- storm-backend, storm-frontend, storm-checksum
- globus-gridftp
SE DPM
- dpm, dpmcopyd, dpm-gsiftp, dpm-httpd, dpnsdaemon
- srmv1, srmv2, srmv2.2
- globus-gridftp
VOMS
WMS