Details
-
Type: Monitor
-
Status: Closed
-
Priority: Major
-
Resolution: Done
-
Affects Version/s: None
-
Fix Version/s: 2021
-
Component/s: FIWARE-TECH-HELP
-
Labels:
-
HD-Chapter:Data
-
HD-Enabler:Cosmos
Description
Created question in FIWARE Q/A platform on 16-03-2015 at 17:03
Please, ANSWER this question AT http://stackoverflow.com/questions/29081518/cosmos-installation-on-localhost
Question:
Cosmos installation on localhost
Description:
I try to install cosmos, on localhost, but i found a problem, I dont know to follow this steps.
First i create a certs and pem, but in step4 move the .pem i dont know that pem to move i have two pem. And I try to verify openssl verify -CApath /etc/pki/tls/certs .pem the two pem but dont work.
Step 3: generating and installing the master node's certificate
The platform requires a certificate for the master node, signed by a valid CA, is installed in order to be shown as an authentication proof. Thus, this certificate must be created by generating a Certificate Signing Request (CSR); do it once in the master node:
$ openssl req -newkey rsa:2048 -new -keyout newkey.pem -out newreq.pem
The above command will prompt for certain information; the most important information regarding the Cosmos platform is the name of the server (whichever hostname was chosen for the cosmos master node) where the certificate is going to be installed, and that the challenge password must be empty. Althought the PEM pass phrase must be empty (otherwise, the httpd server will not be automatically started), it has to be filled in this step and removed later by performing:
$ openssl rsa -in newkey.pem -out newkey.pem
Reached this point, you may choose among two options for signing the certificate:
Use a valid CA in the Internet. The content of the generated SCR (newreq.pem file) must be used within the CA in order to retrieve the final certificate, which will be typically called certnew.cer. The way each CA manages the CSR varies from one to another.
Self-signing the certificate. In this case, you have to perform this command:
$ openssl req -new -x509 -key newkey.pem -out certnew.cer
In any case, once the certificate (certnew.cer), key (newkey.pem) and CSR (newreq.pem) have been got, rename the files according to this (do it in all the machines):
$ cp newkey.pem [COSMOS_TMP_PATH]/puppet/modules/cosmos/files/environments/<my_environment>/certs/<cosmos-master-node>_key.pem
$ cp cernew.cer [COSMOS_TMP_PATH]/puppet/modules/cosmos/files/environments/<my_environment>/certs/<cosmos-master-node>_cer.pem
$ cp newreq.pem [COSMOS_TMP_PATH]/puppet/modules/cosmos/files/environments/<my_environment>/certs/<cosmos-master-node>_req.pem
Step 4: CA's certificate installation
The CA's certificate itself must be installed. Download it from the appropiate link (if you self-signed the master node's certificates, then such certificate is the CA's certificate as well) and do the following in the Cosmos master node:
Copy the CA's certificate (generic name <ca_cert>.pem) to the local certificates store and change directory to it:
$ mv <ca_cert>.pem /etc/pki/tls/certs
$ cd /etc/pki/tls/certs
Create a symbolic link for the CA's certificate. An 8-digit-number-based file will be created. It is very important the extension of this file is '.0':
$ ln -s <ca_cert>.pem `openssl x509 -hash -noout -in <ca_cert>.pem`.0
Verify the certificate has ben successfully installed:
$ openssl verify -CApath /etc/pki/tls/certs <ca_cert>.pem
xxxxxxxx.0: OK
You must see a 8-digit hash .0 file followed by "OK".
2015-11-06 03:05|CREATED monitor | # answers= 1, accepted answer= True