Difference between revisions of "LFC Certificates"
From GridPP Wiki
Line 8: | Line 8: | ||
If you later update the host certificate, you ''must'' make a new copy of the certificate for <tt>lfcmgr</tt> with the permissions above. | If you later update the host certificate, you ''must'' make a new copy of the certificate for <tt>lfcmgr</tt> with the permissions above. | ||
+ | |||
+ | <tt>Additional notes:</tt> | ||
+ | |||
+ | * The official documentation is at https://svnweb.cern.ch/trac/lcgdm/wiki/Lfc | ||
+ | * You need to restart then the lfcdaemon ( and lcf-dli if you are still running it) | ||
+ | * In case you have also an http interface for the LFC, you need to restart httpd as well | ||
+ | |||
[[Category: LFC]] | [[Category: LFC]] |
Latest revision as of 10:50, 6 February 2017
For the LCG File Catalog to function correctly, it needs to be able to present a valid host certificate. As LFC daemon runs as a non privileged user (a good thing!) a copy of the certificate needs to be made that the lfcmgr user can read.
This certificate is copied by YAIM at install time to /etc/grid-security/lfcmgr/
# ls -l /etc/grid-security/lfcmgr -r--r--r-- 1 lfcmgr lfcmgr 2216 Jul 25 13:28 lfccert.pem -r-------- 1 lfcmgr lfcmgr 3340 Jul 25 13:28 lfckey.pem
If you later update the host certificate, you must make a new copy of the certificate for lfcmgr with the permissions above.
Additional notes:
- The official documentation is at https://svnweb.cern.ch/trac/lcgdm/wiki/Lfc
- You need to restart then the lfcdaemon ( and lcf-dli if you are still running it)
- In case you have also an http interface for the LFC, you need to restart httpd as well