Infrastructure

From Ben's 07/24/2015 email:

1. Find the public key for the certificate used by the server. The dataone-cn-portal buildout postinst script will
create a file based on the public certificate that is configured for the given CN (usually a wildcard for the domain).
For our test environments, it is: /etc/ssl/certs/_.test.dataone.org.crt.publickey
It’s the stuff between BEGIN/END PUBLIC KEY. I can’t remember if I leave the delimiters or not. Safest to leave them.

1. Register this public key with CILogon to get a myproxy id: https://cilogon.org/oauth/register
   You should only register with the round-robin hostname (once per environment) and use URLs that are not machine-
   specific. Here’s an example from SANDBOX2:
   Name: DataONE Coordinating Node - Sandbox 2
   Home uri: https://cn-sandbox-2.test.dataone.org/portal
   Failure uri:https://cn-sandbox-2.test.dataone.org/portal/pages/client-error.jsp
   Creation time: Wed Jan 28 17:37:48 CST 2015
   Generated identifier: myproxy:oa4mp,2012:/client/66a303882b6e4bec1e91cbf2ccda1e8

2. Include this myproxy id in the portal configuration file. Config file: /var/lib/tomcat7/webapps/portal/WEB-INF/client.xml
   For more permanent CN buildouts (e.g., DEV2), include it in the dataone-cn-portal postinst script such that the correct
   myproxy id will be set in the config file on installation in this environment (there is a big condition block for this).

3. By now, CILogon will have reported back to the email address you registered with that the myproxy client
   registration is active.