Changes between Version 30 and Version 31 of ESGFNodeTutorial
- Timestamp:
- Jul 10, 2017 5:34:15 PM (5 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
ESGFNodeTutorial
v30 v31 469 469 You should own your certificate file (hostcert.crt) and your private key (hostkey.key). Your /etc/httpd/conf/esgf-httpd.conf must reference your certificate and key: 470 470 471 228 SSLVerifyClient optional 472 229 SSLVerifyDepth 10 473 230 SSLCertificateFile /etc/certs/hostcert.crt 474 231 #SSLCACertificateFile /etc/certs/esgf-ca-bundle.crt 475 232 SSLCertificateKeyFile /etc/certs/hostkey.key 476 233 #SSLCertificateChainFile /etc/certs/cachain.pem 477 234 SSLOptions +StdEnvVars +ExportCertData 471 228 SSLVerifyClient optional 472 473 229 SSLVerifyDepth 10 474 475 230 SSLCertificateFile /etc/certs/hostcert.crt 476 477 231 #SSLCACertificateFile /etc/certs/esgf-ca-bundle.crt 478 479 232 SSLCertificateKeyFile /etc/certs/hostkey.key 480 481 233 #SSLCertificateChainFile /etc/certs/cachain.pem 482 483 234 SSLOptions +StdEnvVars +ExportCertData 478 484 479 485 Then you have to import your certificate and your key into your tomcat keystore (located in /esg/config/tomcat/ and named esg-truststore.ts and keystore-tomcat). They are configurated in /usr/local/tomcat/conf/server.xml. … … 482 488 483 489 2. Execute `# openssl pkcs12 -export -in /etc/certs/hostcert.crt -inkey /etc/certs/hostkey.key -out server.p12 -name my-esgf-node -CAfile /etc/certs/hostcert.crt -caname root` and `keytool -importkeystore -deststorepass PASSWORD -destkeypass PASSWORD -destkeystore keystore-tomcat -srckeystore server.p12 -srcstoretype PKCS12 -srcstorepass PASSWORD -alias my-esgf-node` 490 491 4. Ensure it has been correctly installed with `keytool -v -list -keystore keystore-tomcat`. 484 492 485 493 3. Restart the node: `esg-node restart`