Changes between Version 30 and Version 31 of ESGFNodeTutorial


Ignore:
Timestamp:
Jul 10, 2017 5:34:15 PM (4 years ago)
Author:
zequi
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • ESGFNodeTutorial

    v30 v31  
    469469You should own your certificate file (hostcert.crt) and your private key (hostkey.key). Your /etc/httpd/conf/esgf-httpd.conf must reference your certificate and key:
    470470
    471     228         SSLVerifyClient optional
    472     229         SSLVerifyDepth  10
    473     230         SSLCertificateFile /etc/certs/hostcert.crt
    474     231         #SSLCACertificateFile /etc/certs/esgf-ca-bundle.crt
    475     232         SSLCertificateKeyFile /etc/certs/hostkey.key
    476     233         #SSLCertificateChainFile /etc/certs/cachain.pem
    477     234         SSLOptions +StdEnvVars +ExportCertData
     471228         SSLVerifyClient optional
     472
     473229         SSLVerifyDepth  10
     474
     475230         SSLCertificateFile /etc/certs/hostcert.crt
     476
     477231         #SSLCACertificateFile /etc/certs/esgf-ca-bundle.crt
     478
     479232         SSLCertificateKeyFile /etc/certs/hostkey.key
     480
     481233         #SSLCertificateChainFile /etc/certs/cachain.pem
     482
     483234         SSLOptions +StdEnvVars +ExportCertData
    478484
    479485Then you have to import your certificate and your key into your tomcat keystore (located in /esg/config/tomcat/ and named esg-truststore.ts and keystore-tomcat). They are configurated in /usr/local/tomcat/conf/server.xml.
     
    482488
    4834892. Execute `# openssl pkcs12 -export -in /etc/certs/hostcert.crt -inkey /etc/certs/hostkey.key -out server.p12 -name my-esgf-node -CAfile /etc/certs/hostcert.crt -caname root` and `keytool -importkeystore -deststorepass PASSWORD -destkeypass PASSWORD -destkeystore keystore-tomcat -srckeystore server.p12 -srcstoretype PKCS12 -srcstorepass PASSWORD -alias my-esgf-node`
     490
     4914. Ensure it has been correctly installed with `keytool -v -list -keystore keystore-tomcat`.
    484492
    4854933. Restart the node: `esg-node restart`