GT 2.4 Obtaining and Installing a Host Certificate

The process of creating a private key and acquiring a certificate for a host is relatively simple, as it is a mostly automated process.  It should only take a few minutes to submit a certificate request to the Certificate Authority.  The certificate authoriy should respond via email with your certificate within a few days.

1)    Create the /etc/grid-security directory if it is not already present. Please the web page on /etc/grid-security for instructions for doing so.

2)    Follow the directions for the Globus Certificate Service to obtain a host certificate. You should install the host certificate in /etc/grid-security (i.e. specific -dir /etc/grid-security when running grid-cert-request).

3)   Once you are done you should have two files in the /etc/grid-security direct: usercert.pem and userkey.pem (you may also have a usercert_request.pem file which can be ignored). Both should be writtable only by root. The file userkey.pem must be readable only by root.

 4) Create symlinks for GSI use

For operation with gsi-enabled applications such as gsi-enabled ssh and gsiftp, you should create some symbolic links at this point so that these applications can find the host certificate and key files. The commands to execute are:

# cd /etc/grid-security
# ln -s usercert.pem hostcert.pem
# ln -s userkey.pem hostkey.pem
	

By default, GSI deamons such as gsiftp and sshd will look for these file by the names hostcert.pem and hostkey.pem instead of the standard globus names usercert.pem and userkey.pem.. These symlinks allow these daemons to operate.

This is due to the GSI transition as something that is always part of Globus to a package that can be stand-alone and will go away in future versions. Sorry for the inconvience.

6) Finish any other need configuration in /etc/grid-security. Please the web page on /etc/grid-security for instructions for doing so.