Changes between Version 29 and Version 30 of ESGFNodeTutorial

Timestamp:

Jul 10, 2017 5:31:44 PM (5 years ago)

Author:

zequi

Comment:

--

ESGFNodeTutorial

@@ -464 +464 @@
 
 This error seems unavoidable but it also seems that it doesn't affect the esgf functionality.
+
+== Installing a custom certificate in the ESGF Node ==
+
+You should own your certificate file (hostcert.crt) and your private key (hostkey.key). Your /etc/httpd/conf/esgf-httpd.conf must reference your certificate and key:
+
+    228         SSLVerifyClient optional
+    229         SSLVerifyDepth  10
+    230         SSLCertificateFile /etc/certs/hostcert.crt
+    231         #SSLCACertificateFile /etc/certs/esgf-ca-bundle.crt
+    232         SSLCertificateKeyFile /etc/certs/hostkey.key
+    233         #SSLCertificateChainFile /etc/certs/cachain.pem
+    234         SSLOptions +StdEnvVars +ExportCertData
+
+Then you have to import your certificate and your key into your tomcat keystore (located in /esg/config/tomcat/ and named esg-truststore.ts and keystore-tomcat). They are configurated in /usr/local/tomcat/conf/server.xml.
+
+1. If the self-signed certificate is installed in keystore-tomcat, remove it with `keytool -delete -alias ALIAS -keystore keystore-tomcat`, where alias can be obtained with `keytool -v -list -keystore keystore-tomcat`.
+
+2. Execute `# openssl pkcs12 -export -in /etc/certs/hostcert.crt -inkey /etc/certs/hostkey.key -out server.p12 -name my-esgf-node -CAfile /etc/certs/hostcert.crt -caname root` and `keytool -importkeystore -deststorepass PASSWORD -destkeypass PASSWORD -destkeystore keystore-tomcat -srckeystore server.p12 -srcstoretype PKCS12 -srcstorepass PASSWORD -alias my-esgf-node`
+
+3. Restart the node: `esg-node restart`
+
 == References ==
  * [https://github.com/ESGF/esgf-installer/wiki/ESGF-Installation-From-scratch ESGF Installation From Scratch]