List of host certificates
From BeSTGRID
To keep track of the host certificates for all the grid gateways I administer, I have decided to put them together in a single table to see the due dates for renewing the certificates. This is the list of certificates for Canterbury (with Otago to follow). I encourage other grid admins within BeSTGRID to create a similar table for their systems.
| Host | Purpose | Ser.# | Issued | Expires | Action (+ reason) | Distinguished Name |
|---|---|---|---|---|---|---|
| ucgridgw | Xen host OS | 522 | 2007-03-21 | 2008-03-20 | Do not renew - no cert needed | /C=AU/O=APACGrid/OU=BeSTGRID-UoC/CN=ucgridgw.canterbury.ac.nz |
| grid | User client tools | 572 | 2007-04-24 | 2008-04-23 | Renew - may run a GridFTP server | /C=AU/O=APACGrid/O=BeSTGRID/OU=University of Canterbury/CN=host/grid.canterbury.ac.nz |
| gridgwtest | Testing grid sw | 573 | 2007-04-24 | 2008-04-23 | Renew - though cert not really needed | /C=AU/O=APACGrid/O=BeSTGRID/OU=University of Canterbury/CN=host/gridgwtest.canterbury.ac.nz |
| myproxy | MyProxy server | 574 | 2007-04-24 | 2008-04-23 | Renew - though service not really used | /C=AU/O=APACGrid/O=BeSTGRID/OU=University of Canterbury/CN=host/myproxy.canterbury.ac.nz |
| ng1 | Ng1 gateway (GT2) | 575 | 2007-04-24 | 2008-04-23 | Do not renew - service will not be deployed | /C=AU/O=APACGrid/O=BeSTGRID/OU=University of Canterbury/CN=host/ng1.canterbury.ac.nz |
| ng2 | Ng2 gateway (GT4) for NGCompute | 576 | 2007-04-24 | 2008-04-23 | Renew (move to 861) - production service | /C=AU/O=APACGrid/O=BeSTGRID/OU=University of Canterbury/CN=host/ng2.canterbury.ac.nz |
| ng2 | Ng2 gateway (GT4) for NGCompute | 834 | 2007-08-22 | 2008-08-21 | Do not renew - this was a test certificate | /C=AU/O=APACGrid/O=BeSTGRID/OU=University of Canterbury/CN=ng2.canterbury.ac.nz |
| ng2 | Ng2 gateway (GT4) for NGCompute | 861 | 2007-09-05 | 2008-09-04 | Renew when needed - production service | /C=NZ/O=BeSTGRID/OU=University of Canterbury/CN=ng2.canterbury.ac.nz |
| ng2 | Ng2 gateway (GT4) for NGCompute | 862 | 2007-09-05 | 2008-09-04 | Do not renew - this was a test certificate | /C=NZ/O=BeSTGRID/OU=University_of_Canterbury/CN=ng2.canterbury.ac.nz |
| ngdata | Ngdata | 577 | 2007-04-24 | 2008-04-23 | Do not renew now (services would run on hpcgrid?) | /C=AU/O=APACGrid/O=BeSTGRID/OU=University of Canterbury/CN=host/ngdata.canterbury.ac.nz |
| ngcompute | NGCompute test PBS cluster | 578 | 2007-04-24 | 2008-04-23 | Do not renew - no cert needed | /C=AU/O=APACGrid/O=BeSTGRID/OU=University of Canterbury/CN=host/ngcompute.canterbury.ac.nz |
| nggums | GUMS authentication server | 579 | 2007-04-24 | 2008-04-23 | Superseded by 835 | /C=AU/O=APACGrid/O=BeSTGRID/OU=University of Canterbury/CN=host/nggums.canterbury.ac.nz |
| nggums | GUMS authentication server | 835 | 2007-08-22 | 2008-08-21 | Renew - service being deployed | /C=AU/O=APACGrid/O=BeSTGRID/OU=University of Canterbury/CN=nggums.canterbury.ac.nz |
| ngportal | GridSphere portal | 580 | 2007-04-24 | 2008-04-23 | Superseded by 792 | /C=AU/O=APACGrid/O=BeSTGRID/OU=University of Canterbury/CN=host/ngportal.canterbury.ac.nz |
| ngportal | GridSphere portal | 792 | 2007-07-17 | 2008-07-16 | Renew - production service | /C=AU/O=APACGrid/O=BeSTGRID/OU=University of Canterbury/CN=ngportal.canterbury.ac.nz |
| ngportaldev | GridSphere development portal | 836 | 2007-08-22 | 2008-08-21 | Renew - useful as testbed | /C=AU/O=APACGrid/O=BeSTGRID/OU=University of Canterbury/CN=ngportaldev.canterbury.ac.nz |
| vomrs | VOMRS server | 581 | 2007-04-24 | 2008-04-23 | Do not renew - service not deployed | /C=AU/O=APACGrid/O=BeSTGRID/OU=University of Canterbury/CN=host/vomrs.canterbury.ac.nz |
| xpc14a0 | Development workstation | 631 | 2007-05-25 | 2008-05-24 | Do not renew - no longer needed | /C=AU/O=APACGrid/O=BeSTGRID/OU=University of Canterbury/CN=xpc14a0.math.canterbury.ac.nz |
| ng2hpc | GT4 gateway for HPC | 682 | 2007-06-07 | 2008-06-06 | Renew - production service | /C=AU/O=APACGrid/O=BeSTGRID/OU=University of Canterbury/CN=ng2hpc.canterbury.ac.nz |
| ng2sge | GT4 gateway for Oldesparky | 683 | 2007-06-07 | 2008-06-06 | Renew - service still planned | /C=AU/O=APACGrid/O=BeSTGRID/OU=University of Canterbury/CN=ng2sge.canterbury.ac.nz |
| hpcgrid1 | IBM p520 - GridFTP server for HPC | 1109 | 2008-02-13 | 2009-02-12 | Renew - service to be deployed | /C=NZ/O=BeSTGRID/OU=University of Canterbury/CN=hpcgrid1.canterbury.ac.nz |
Note that all certificates should be renewed without a "host/" prefix, and in the
For ng2 gateway, ask for new name to be added to the MDS gridmap file
Action items:
- Ng2: ask for MDS mapping, switch to NZ certificate (more recent) Due: April 23, 2008
- Reissue: grid gridgwtest myproxy Due: April 23, 2008
- Reissue: ngportal ngportaldev nggums ng2hpc ng2sge (AU namespace, due June-August)
- Revisit this list by September 2008 (ng2 would expire)
Items done:
- GUMS: switch to a more recent certificate
- Request certificates to be reissued.
- Notes:
- Request host certificates with a script based on ARCS HostCertificates request guidelines:
root@ucgridgw:~/hostcerts# ./bestgrid-cert-request.sh ~/hostcerts-renew2008/nggums nggums.canterbury.ac.nz vladimir.mencl@canterbury.ac.nz
- The script invokes openssql req, with a config based on APACGrid CA's ssl.conf.
- Request host certificates with a script based on ARCS HostCertificates request guidelines:
