
Keystore Setup

Keystore setup instructions

First, download the keystore virtual appliance from http://grid.ct.infn.it/keystore/keystore-vmware.rar. If this is your first time, send an email to sg-licence@ct.infn.it to get the credentials for the download link and the root password of the virtual machine.

  • Log in as root and install the CA, CRL and VOMS certificates in:
/etc/grid-security
  • Configure your firewall to open port 25406;
  • Log in as the securestorage user:
su - securestorage
  • Copy your host certificate and private key to:
/opt/keystore/cert
  • Set the certificate and private key file permissions:
chmod 644 <certificate.pem>
chmod 400 <privatekey.pem>
  • Start the keystore service:
/opt/keystore/keystore.sh
  • Periodically back up the keys stored in:
/opt/keystore/data
  • You can stop the service with the following command:
kill -9 <keystore_pid>

You can change the default paths by modifying the keystore configuration file located in:

/opt/keystore/cfg/securestorage_daemon.properties

Below is an example of the keystore configuration:

cat securestorage_daemon.properties
# server daemon property file

#network
server.network.port = 25406

#security
server.security.certificate = /opt/keystore/cert/hostcert.pem
server.security.key = /opt/keystore/cert/hostkey.pem
server.security.ca_path = /etc/grid-security/certificates/
server.security.proxy = /opt/keystore/cert/x509_up_serverdaemon
server.security.proxy_validity = 1
server.security.key_passphrase =
server.database.path = /opt/keystore/data
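
The script below is an added example, not part of the original wiki page or the keystore distribution. It reads the certificate and key paths from securestorage_daemon.properties and checks that their permissions are no looser than the 644 and 400 set in the steps above. The function names are hypothetical, and the check on the configuration file when a passphrase is set is an assumption of this example.

```shell
#!/bin/sh
# Added example: audit the files named in securestorage_daemon.properties.
# Function names are hypothetical; only the property keys and the 644/400
# modes come from the page.

# prop_get FILE KEY: print the value of a "key = value" line, trimmed.
prop_get() {
    awk -F= -v k="$2" '
        /^[ \t]*#/ { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k {
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            print val; exit
        }' "$1"
}

# file_mode FILE: octal permission bits (GNU stat, with a BSD fallback).
file_mode() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# check_mode FILE MAX: fail if FILE is missing or has bits outside MAX.
check_mode() {
    [ -f "$1" ] || { echo "MISSING $1"; return 1; }
    mode=$(file_mode "$1")
    if [ $(( 0$mode & ~0$2 )) -ne 0 ]; then
        echo "TOO OPEN $1 (mode $mode, expected at most $2)"
        return 1
    fi
    echo "OK $1 (mode $mode)"
}

# audit_keystore CFG: return 0 only if every check passes.
audit_keystore() {
    cfg=$1; rc=0
    cert=$(prop_get "$cfg" server.security.certificate)
    key=$(prop_get "$cfg" server.security.key)
    pass=$(prop_get "$cfg" server.security.key_passphrase)
    check_mode "$cert" 644 || rc=1
    check_mode "$key" 400 || rc=1
    # Assumption (not stated on the page): a config file that holds a
    # key passphrase should be readable by its owner only.
    if [ -n "$pass" ]; then check_mode "$cfg" 600 || rc=1; fi
    return $rc
}

# Usage: sh audit.sh /opt/keystore/cfg/securestorage_daemon.properties
[ "$#" -eq 0 ] || audit_keystore "$1"
```

A non-zero exit status means at least one file is missing or more widely accessible than expected, so the script can run from cron alongside the periodic backup of /opt/keystore/data.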