Deploying a Server Certificate

1.

Click on the ``Certificate'' tab. Select the server certificate for deployment.

2.

Click the ``Export'' button. You'll want to export the certificate as a .pem file to a temporary location.

3.

Move the file to /etc/grid-security/hostcert.pem. If there is a hostcert.pem file already there, rename it according to what type of certificate it is. For example, I renamed the globus host certificates as hostcert.pem.globus and then I moved in the new certificate. This file should be owned by root with permissions 644.

4.

Click on the ``Keys'' tab. Select the server key for deployment.

5.

Click the ``Export'' button. You'll want to export the key as a .pem file and without a passphrase. Select a temporary location. When you click OK, TinyCA will ask you for the password protecting the key. If you created the key as specified above, then enter temp for the password.

6.

Move the file to /etc/grid-security/hostkey.pem. If there is a hostkey.pem file already there, rename it according to what type of key it is. For example, I renamed the globus host key as hostkey.pem.globus and then I moved in the new keys. This file should be owned by root with permissions 400. This is very important since the host key is saved without password protection.