How to install the APACGrid CA bundle.

Migrated to new twiki 4/12/2007, DRB

How to check that an existing CA bundle does "NOT" exist on your system.

• /etc/grid-security does not exist, or
• at least one of the files contained in the APACGrid_CA_Bundle_Full.tar.gz allready exists in /etc/grid-security and /etc/grid-security/certificates.

Full APACGrid CA Bundle Install - for if you "DO NOT" already have any CA bundles installed on your machine

• If you don't have an existing /etc/grid-security directory then just download APACGrid_CA_Bundle_Full.tar.gz to your /etc directory.
  • run tar -xzvf APACGrid_CA_Bundle_Full.tar.gz
  • run rm APACGrid_CA_Bundle_Full.tar.gz
  • now ensure that the owner and group is set appropriately.
• If /etc/grid-security does exist but none of the files in APACGrid_CA_Bundle_Full.tar.gz exist in /etc/grid-security and /etc/grid-security/certificates then
  • create a temporary directory in /tmp
  • download APACGrid_CA_Bundle_Full.tar.gz to you temporary directory
  • tar -xzvf APACGrid_CA_Bundle_Full.tar.gz and copy the files from your newly created grid-security directory to their corrorsponding places int /etc/grid-security
  • delete the temporary directory.
  • now ensure that the owner and group of the new files are set appropriately.
• now vi /etc/grid-security/certificates/globus-host-ssl.conf.1e12d831
  • now replace any occurence of "VPAC" to your own organisational Name as listed here. if it is not listed exactly then send an e-mail to camanager@vpac.org to have it corrected or added.
  • now replace any occurence of "hostname.vpac.edu.au" with hostname.yourdomain.
• now vi /etc/grid-security/certificates/globus-user-ssl.conf.1e12d831
  • now replace any occurence of "VPAC" to your own organisational Name as listed here. if it is not listed exactly then send and e-mail to camanager@vpac.org to have it corrected or added.

Minimal APACGrid CA Bundle Install - for if you already have any CA bundles installed on your machine

• cd /etc/grid-security/certificates
• download APACGrid_CA_Bundle_Minimal.tar.gz to the current directory.
• tar -xzvf APACGrid_CA_Bundle_Minimal.tar.gz
• rm APACGrid_CA_Bundle_Minimal.tar.gz
• now ensure that the owner and group of the new files are set appropriately.
• now vi /etc/grid-security/certificates/globus-host-ssl.conf.1e12d831
  • now replace any occurence of "VPAC" to your own organisational Name as listed here. if it is not listed exactly then send and e-mail to camanager@vpac.org to have it corrected or added.
  • now replace any occurence of "hostname.vpac.edu.au" with hostname.yourdomain.
• now vi /etc/grid-security/certificates/globus-user-ssl.conf.1e12d831
  • now replace any occurence of "VPAC" to your own organisational Name as listed here. if it is not listed exactly then send and e-mail to camanager@vpac.org to have it corrected or added.

Patching the grid-cert-request script

• The initial grid-cert-request scripts supplied with most versions of Globus instruct users to email their generated request to their CA manager; this procedure is inappropriate for our CA. To rectify this, you should download (into /tmp) and execute http://vpac.org/grid/files/grid-cert-request-patch

• APACGrid_CA_Bundle_Full.tar.gz:

• APACGrid_CA_Bundle_Minimal.tar.gz:

Migrated to new twiki 4/12/2007, DRB