Task #7273
Updated by Chris Jones almost 9 years ago
From Ben's 07/24/2015 email:
<pre>
1. Find the public key for the certificate used by the server. The dataone-cn-portal buildout postinst script will create a file based on the public certificate that is configured for the given CN (usually a wildcard for the domain). For our test environments, it is: /etc/ssl/certs/_.test.dataone.org.crt.publickey
It’s the stuff between BEGIN/END PUBLIC KEY. I can’t remember if I leave the delimiters or not. Safest to leave them.
2. Register this public key with CILogon to get a myproxy id: https://cilogon.org/oauth/register
You should only register with the round-robin hostname (once per environment) and use URLs that are not machine-specific. Here’s an example from SANDBOX2
Name: DataONE Coordinating Node - Sandbox 2
Home uri: https://cn-sandbox-2.test.dataone.org/portal
Failure uri:https://cn-sandbox-2.test.dataone.org/portal/pages/client-error.jsp
Creation time: Wed Jan 28 17:37:48 CST 2015
Generated identifier: myproxy:oa4mp,2012:/client/66a303882b6e4bec1e91cbf2ccda1e8
3. Include this myproxy id in the portal configuration file. Config file: /var/lib/tomcat7/webapps/portal/WEB-INF/client.xml
For more permanent CN buildouts (e.g., DEV2), include it in the dataone-cn-portal postinst script such that the correct myproxy id will be set in the config file on installation in this environment (there is a big condition block for this).
4. By now, CILogon will have reported back to the email address you registered with that the myproxy client registration is active.
</pre>
<pre>
1. Find the public key for the certificate used by the server. The dataone-cn-portal buildout postinst script will create a file based on the public certificate that is configured for the given CN (usually a wildcard for the domain). For our test environments, it is: /etc/ssl/certs/_.test.dataone.org.crt.publickey
It’s the stuff between BEGIN/END PUBLIC KEY. I can’t remember if I leave the delimiters or not. Safest to leave them.
2. Register this public key with CILogon to get a myproxy id: https://cilogon.org/oauth/register
You should only register with the round-robin hostname (once per environment) and use URLs that are not machine-specific. Here’s an example from SANDBOX2
Name: DataONE Coordinating Node - Sandbox 2
Home uri: https://cn-sandbox-2.test.dataone.org/portal
Failure uri:https://cn-sandbox-2.test.dataone.org/portal/pages/client-error.jsp
Creation time: Wed Jan 28 17:37:48 CST 2015
Generated identifier: myproxy:oa4mp,2012:/client/66a303882b6e4bec1e91cbf2ccda1e8
3. Include this myproxy id in the portal configuration file. Config file: /var/lib/tomcat7/webapps/portal/WEB-INF/client.xml
For more permanent CN buildouts (e.g., DEV2), include it in the dataone-cn-portal postinst script such that the correct myproxy id will be set in the config file on installation in this environment (there is a big condition block for this).
4. By now, CILogon will have reported back to the email address you registered with that the myproxy client registration is active.
</pre>
