Contents of /trunk/eu.rcauth.pilot-ica/CA/README


Revision 2888
Thu Mar 17 11:25:17 2016 UTC (6 years, 4 months ago) by msalle
File size: 1818 byte(s)
Minor update on needed changes

This directory contains all the files and scripts needed to set up an Online-CA
backend MyProxy server, where the private key is stored on a SafeNet eToken.

PREREQUISITES:
- Obtain a copy of the SafenetAuthenticationClient and install it in
    ./safenet
  We are using SafenetAuthenticationClient-9.1.7-0. Other versions might have
  different names for the services: look for SAC in the install script.
- It needs to be installed in combination with a Delegation Service, see
  ../DS in this same repository.
- Make the necessary replacements for your domain in
    ./scripts/install.sh
    ./scripts/mail_notifier.sh
  Look for nikhef and optionally for the SafenetAuthenticationClient.
  Also change the sed lines setting the rcauth-related entries in the sysconfig
  file.
- Copy the entire (updated) directory to a USB stick.

------------------------------------------------------------------------
INSTALLATION:
1) install a minimal CentOS7 system:
   - no swap
   - large /var partition
   - preferably an encrypted / partition

2) upon installation and reboot:
   - mount USB stick containing this entire directory on /mnt
   - run /mnt/scripts/install.sh 2>&1 | tee install.log

3) wait till the Delegation Server is installed with CentOS

4) run /mnt/scripts/push_keys.sh

5) continue installing the Delegation Server

6) when the Delegation Server is running (in particular squid):
   - yum update --enablerepo

7) insert eToken

8) run /mnt/scripts/extract_token.sh

9) this step is ONLY NEEDED when the 'cacert' is a Robot certificate and the
   service is supposed to generate Per-User Sub-Proxies (PUSPs):
   - uncomment the line with
       certificate_issuer_subca_certfile
     in the myproxy-server.config.etoken-ca config file
   - restart the myproxy-server:
       systemctl restart myproxy-server
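
Added example (not part of the original README or the project's scripts): a
shell helper for step 9 that uncomments certificate_issuer_subca_certfile only
when exactly one commented entry exists, keeps a backup, and confirms a single
active entry before the restart. The sample config content and PLACEHOLDER
paths are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example for step 9 (not the project's code): enable the sub-CA directive.
KEY=certificate_issuer_subca_certfile
active_re="^[[:space:]]*${KEY}[[:space:]]"
commented_re="^[[:space:]]*#[#[:space:]]*${KEY}[[:space:]]"

# Write a constructed sample config to $1; the paths are placeholders.
make_sample_cfg() {
    cat > "$1" <<'EOF'
# constructed sample, not the real myproxy-server.config.etoken-ca
certificate_issuer_cert /etc/grid-security/PLACEHOLDER/cacert.pem
#certificate_issuer_subca_certfile /etc/grid-security/PLACEHOLDER/subca.pem
EOF
}

# Print how many lines of file $2 match regex $1 (prints 0 when none do).
count() { grep -c "$1" "$2" || true; }

# Uncomment the directive in config file $1. Idempotent: an already active
# entry is left alone. Returns 0 only if exactly one active entry exists
# afterwards; returns 1 if the file or directive is missing or ambiguous.
enable_subca() {
    cfg=$1
    [ -f "$cfg" ] || return 1
    if [ "$(count "$active_re" "$cfg")" -eq 0 ]; then
        [ "$(count "$commented_re" "$cfg")" -eq 1 ] || return 1
        cp -p "$cfg" "$cfg.bak" || return 1   # keep the original for rollback
        sed "s/^[[:space:]]*#[#[:space:]]*\(${KEY}[[:space:]]\)/\1/" \
            "$cfg.bak" > "$cfg" || return 1
    fi
    [ "$(count "$active_re" "$cfg")" -eq 1 ]
}

# Print the file the active directive points at (empty when not active).
subca_path() {
    sed -n "s/^[[:space:]]*${KEY}[[:space:]][[:space:]]*//p" "$1" | tr -d '"'
}

# Usage: sh enable_subca.sh /path/to/myproxy-server.config.etoken-ca
# Restart the server (systemctl restart myproxy-server) only after this succeeds.
if [ -n "${1:-}" ]; then
    enable_subca "$1" && subca_path "$1"
fi
```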
