Administering Globus Hosts

Getting a Globus DOEgrids host certificate

To generate a Globus host certificate

All certificates are kept as backup in /u/globus/DOEGrids_Certificates/<hostname>.
And stored for use in /usr/pppl/cppg/hosts/etc/grid-security/<hostname>

# To generate a request.
# On transpgrid or portal as account globus
module load globus
com="/usr/pppl/cppg/hosts/all/etc/grid-security/doegrids/grid-cert-request -ca 1c3f2ca8"
host=<hostname> # This is an example host name
dir=/u/globus/DOEGrids_Certificates/$host
/bin/mkdir $dir
cd $dir
$com -dir $dir -host "$host.pppl.gov"

# To submit the request (IF NOT A DOEGRIDS ADMINISTRATOR)
Bring up https://pki1.doegrids.org
Click on "Grid or SSL Server" menu item on this Enrollment page
Then and cut and paste the file
/u/globus/DOEGrids_Certificates/<hostname>/hostcert_request.pem into the PKCS#10 text field.
Additional information required is:
Password ... Can leave this blank or get password from Lew R.
Username ... Yours
E-mail address ... Yours
Phone ...... Yours
Project .... FusionGrid
Then click Submit.

# To submit the request (IF A DOEGRIDS ADMINISTRATOR)
Bring up https://pki1.doegrids.org
Using a browser holding your DOEGrids certificate
Click on "GridAdmin Interface" menu item on this Enrollment page
Then and cut and paste the file
/u/globus/DOEGrids_Certificates/<hostname>/hostcert_request.pem into the PKCS#10 text
field.
Additional information required is:
Email: ........
Affiliation ... FusionGrid
Then click Submit.

# To store the certificate
You will receive email with instructions:
To install this host certificate, follow the URL link in the
message sent to you by the CA, and cut and paste the
"Base64 encoded certificate" into
/u/globus/DOEGrids_Certificates/<hostname>/hostcert.pem

Installing a Globus DOEgrids host certificate for use

           To install a Globus host certificate for use

Copy /globus/DOEGrids_Certificates/<hostname>/host*.pem to
/usr/pppl/cppg/hosts/etc/grid-security/<hostname>/etc/grid-security/.