Serviço Experimental de CIrcuitos aPrOvisionados dinamicamente (SE-CIPÓ)

Skip to end of metadata
Go to start of metadata

Como utilizar o Serviço

Para utilizar o serviço de monitoramento há duas formas:

  1. Através da interface da máquina de monitoramento: http://monitoramento.cipo[.pop-xx].rnp.br;
  2. Através de invocações web-services do protocolo do perfSONAR.

A primeira forma de uso é autoexplicativa. A segunda forma de uso será explicada abaixo.

Lembrar que para obter informações relevantes, deve-se ter circuitos criados.

Invocação web-services do protocolo perfSONAR

Para quem está iniciando com a implementação do perfSONAR, os serviços fornecem um cliente para acesso aos serviços através do protocolo do perfSONAR. Mas nada impede que se implemente um cliente com mais funcionalidades que seja dos moldes parecido com o cliente implementadado pelos serviços.

Clientes Serviços

No caso do monitoramento de circuitos, deve-se baixar 2 serviços que estamos utilizando e começar a fazer os testes.

O SNMP-MA e o Status Service é encontrado em:

 

É aconselhado instalar estes serviços nas máquinas de teste (de implementação de sua ferramenta). Caso a aplicação esteja instalada na mesma máquina de monitoramento, elas já vêm com estes pacotes instalados.

Exemplos de Clientes

Neste serviços existem exemplos de clientes para acessar o serviço.

 

No SNMP-MA ele se encontra em:

  • /opt/perfsonar_ps/snmp_ma/bin/

Mensagens de exemplo em:

  • /opt/perfsonar_ps/snmp_ma/etc/requests/

 

No Status-MA ele se encontra em:

  • /opt/perfsonar_ps/status/bin/

Mensagens de exemplo em:

  • /opt/perfsonar_ps/status/doc/requests/

 

Exemplos de Invocação

 

Tipos de Mensagens

  • EchoRequest – Verifica se o serviço está ativo
  • MetadataKeyRequest – Busca os metadatas que descrevem os tipos de testes  que estão armazenados
  • SetupDataRequest – Busca informações sobre os testes armazenados

 

Exemplos

SNMP-MA

 

EchoRequest

<?xml version="1.0" encoding="UTF-8"?>
<!--
  perfSONAR-PS Echo message
  Use:
    perl client.pl URL EchoRequest.xml
  Expected Response:
    <nmwg:message xmlns:nmwg="http://ggf.org/ns/nmwg/base/2.0/"
                  messageIdRef="EchoMessage1" id="message.11515259"
                  type="EchoResponse">
      <nmwg:metadata metadataIdRef="metadata1" id="metadata.6012497">
        <nmwg:eventType>success.echo</nmwg:eventType>
      </nmwg:metadata>
 
      <nmwg:data metadataIdRef="metadata.6012497" id="data.2038174">
        <nmwgr:datum xmlns:nmwgr="http://ggf.org/ns/nmwg/result/2.0/">The echo request has passed.</nmwgr:datum>
      </nmwg:data>
 
      <nmwg:metadata xmlns:nmwg="http://ggf.org/ns/nmwg/base/2.0/" id="metadata1">
        <nmwg:eventType>http://schemas.perfsonar.net/tools/admin/echo/2.0</nmwg:eventType>
      </nmwg:metadata>
    </nmwg:message>
-->
 
<nmwg:message xmlns:nmwg="http://ggf.org/ns/nmwg/base/2.0/"
              type="EchoRequest" id="EchoMessage1">
  <nmwg:metadata xmlns:nmwg="http://ggf.org/ns/nmwg/base/2.0/"
                 id="metadata1">
    <nmwg:eventType>http://schemas.perfsonar.net/tools/admin/echo/2.0</nmwg:eventType>
  </nmwg:metadata>
  <nmwg:data xmlns:nmwg="http://ggf.org/ns/nmwg/base/2.0/"
             id="data1" metadataIdRef="metadata1" />
</nmwg:message>

 

Exemplo de invocação:

# cd /opt/perfsonar_ps/snmp_ma/bin
# perl client.pl http://200.237.193.35:9990/perfSONAR_PS/services/SNMPMA ../etc/requests/EchoRequest.xml
<?xml version="1.0"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Header/>
  <SOAP-ENV:Body>
<nmwg:message xmlns:nmwg="http://ggf.org/ns/nmwg/base/2.0/" messageIdRef="EchoMessage1" id="message.16320030" type="EchoResponse"><nmwg:metadata metadataIdRef="metadata1" id="metadata.2650783"><nmwg:eventType>success.echo</nmwg:eventType></nmwg:metadata><nmwg:data metadataIdRef="metadata.2650783" id="data.2878083"><nmwgr:datum xmlns:nmwgr="http://ggf.org/ns/nmwg/result/2.0/">The echo request has passed.</nmwgr:datum></nmwg:data><nmwg:metadata xmlns:nmwg="http://ggf.org/ns/nmwg/base/2.0/" id="metadata1">
    <nmwg:eventType>http://schemas.perfsonar.net/tools/admin/echo/2.0</nmwg:eventType>
  </nmwg:metadata></nmwg:message>  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

 

MetadataKeyRequest

<?xml version="1.0" encoding="UTF-8"?>

<!--

  perfSONAR-PS MetadataKeyRequest

  Use:

    perl client.pl URL MetadataKeyRequest-1.xml

  Expected Response:

  <nmwg:message xmlns:nmwg="http://ggf.org/ns/nmwg/base/2.0/"

                messageIdRef="metadataKeyRequest1" id="message.5860294"

                type="MetadataKeyResponse">

    <nmwg:metadata xmlns:nmwg="http://ggf.org/ns/nmwg/base/2.0/"

                   id="metadata.12888488" metadataIdRef="m-in-netutil-1">

      <netutil:subject xmlns:netutil="http://ggf.org/ns/nmwg/characteristic/utilization/2.0/"

                       id="s-in-netutil-1">

        <nmwgt:interface xmlns:nmwgt="http://ggf.org/ns/nmwg/topology/2.0/">

          <nmwgt:ifAddress type="ipv4">127.0.0.1</nmwgt:ifAddress>

          <nmwgt:hostName>localhost</nmwgt:hostName>

          <nmwgt:ifName>eth0</nmwgt:ifName>

          <nmwgt:ifIndex>2</nmwgt:ifIndex>

          <nmwgt:direction>in</nmwgt:direction>

          <nmwgt:capacity>1000000000</nmwgt:capacity>

        </nmwgt:interface>

      </netutil:subject>

      <nmwg:parameters id="p-in-netutil-1">

        <nmwg:parameter name="supportedEventType">http://ggf.org/ns/nmwg/characteristic/utilization/2.0</nmwg:parameter>

        <nmwg:parameter name="supportedEventType">http://ggf.org/ns/nmwg/tools/snmp/2.0</nmwg:parameter>

      </nmwg:parameters>

      <nmwg:eventType>http://ggf.org/ns/nmwg/characteristic/utilization/2.0</nmwg:eventType>

      <nmwg:eventType>http://ggf.org/ns/nmwg/tools/snmp/2.0</nmwg:eventType>

    </nmwg:metadata>

    <nmwg:data metadataIdRef="metadata.12888488" id="data.3259890">

      <nmwg:key>

        <nmwg:parameters id="params.0">

          <nmwg:parameter name="maKey">aa0db2b9c7acd26a8eae4f576cc30149</nmwg:parameter>

        </nmwg:parameters>

      </nmwg:key>

    </nmwg:data>

  </nmwg:message>

-->

 

<nmwg:message xmlns:netutil="http://ggf.org/ns/nmwg/characteristic/utilization/2.0/"

              xmlns:nmwg="http://ggf.org/ns/nmwg/base/2.0/"

              xmlns:nmwgt="http://ggf.org/ns/nmwg/topology/2.0/"

              type="MetadataKeyRequest" id="metadataKeyRequest1">

 

  <nmwg:metadata xmlns:nmwg="http://ggf.org/ns/nmwg/base/2.0/"

                id="metadata1">

    <netutil:subject xmlns:netutil="http://ggf.org/ns/nmwg/characteristic/utilization/2.0/"

                     id="s-in-netutil-1">

    </netutil:subject>

    <nmwg:eventType>http://ggf.org/ns/nmwg/characteristic/utilization/2.0</nmwg:eventType>

  </nmwg:metadata>

 

  <nmwg:data xmlns:nmwg="http://ggf.org/ns/nmwg/base/2.0/"

             id="data1" metadataIdRef="metadata1"/>

 

</nmwg:message>

 

Exemplo de invocação:

# perl client.pl http://monitoramento.cipo.rnp.br:9990/perfSONAR_PS/services/SNMPMA ../etc/requests/MetadataKeyRequest-1.xml
<?xml version="1.0"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Header/>
  <SOAP-ENV:Body>
<nmwg:message xmlns:nmwg="http://ggf.org/ns/nmwg/base/2.0/" messageIdRef="metadataKeyRequest1" id="message.4408554" type="MetadataKeyResponse"><nmwg:metadata xmlns:nmwg="http://ggf.org/ns/nmwg/base/2.0/" xmlns:netutil="http://ggf.org/ns/nmwg/characteristic/utilization/2.0/" xmlns:nmwgt="http://ggf.org/ns/nmwg/topology/2.0/" id="metadata.1270602" metadataIdRef="m-in-utilization-0"><netutil:subject id="s-in-utilization-0"><nmwgt:interface><nmwgt:ifAddress type="ipv4">200.143.254.64</nmwgt:ifAddress><nmwgt:ipAddress type="ipv4">200.143.254.64</nmwgt:ipAddress><nmwgt:hostName>RJO</nmwgt:hostName><nmwgt:ifName>ge-2/3/4.145</nmwgt:ifName><nmwgt:ifDescription>cipo.rnp.br-41</nmwgt:ifDescription><nmwgt:ifIndex>1077</nmwgt:ifIndex><nmwgt:direction>in</nmwgt:direction><nmwgt:capacity>1000000000</nmwgt:capacity></nmwgt:interface></netutil:subject><nmwg:parameters id="p-in-utilization-0"><nmwg:parameter name="supportedEventType">http://ggf.org/ns/nmwg/characteristic/utilization/2.0</nmwg:parameter><nmwg:parameter name="supportedEventType">http://ggf.org/ns/nmwg/tools/snmp/2.0</nmwg:parameter></nmwg:parameters><nmwg:eventType>http://ggf.org/ns/nmwg/characteristic/utilization/2.0</nmwg:eventType><nmwg:eventType>http://ggf.org/ns/nmwg/tools/snmp/2.0</nmwg:eventType></nmwg:metadata><nmwg:data metadataIdRef="metadata.1270602" id="data.1579949"><nmwg:key><nmwg:parameters id="params.0"><nmwg:parameter name="maKey">1412eed65238ace1c3b50bb984408891</nmwg:parameter></nmwg:parameters></nmwg:key></nmwg:data><nmwg:metadata xmlns:nmwg="http://ggf.org/ns/nmwg/base/2.0/" xmlns:netutil="http://ggf.org/ns/nmwg/characteristic/utilization/2.0/" xmlns:nmwgt="http://ggf.org/ns/nmwg/topology/2.0/" id="metadata.10999887" metadataIdRef="m-out-utilization-0"><netutil:subject id="s-out-utilization-0"><nmwgt:interface><nmwgt:ifAddress type="ipv4">200.143.254.64</nmwgt:ifAddress><nmwgt:ipAddress type="ipv4">200.143.254.64</nmwgt:ipAddress><nmwgt:hostName>RJO</nmwgt:hostName><nmwgt:ifName>ge-2/3/4.145</nmwgt:ifName><nmwgt:ifDescription>cipo.rnp.br-41</nmwgt:ifDescription><nmwgt:ifIndex>1077</nmwgt:ifIndex><nmwgt:direction>out</nmwgt:direction><nmwgt:capacity>1000000000</nmwgt:capacity></nmwgt:interface></netutil:subject><nmwg:parameters id="p-out-utilization-0"><nmwg:parameter name="supportedEventType">http://ggf.org/ns/nmwg/characteristic/utilization/2.0</nmwg:parameter><nmwg:parameter name="supportedEventType">http://ggf.org/ns/nmwg/tools/snmp/2.0</nmwg:parameter></nmwg:parameters><nmwg:eventType>http://ggf.org/ns/nmwg/characteristic/utilization/2.0</nmwg:eventType><nmwg:eventType>http://ggf.org/ns/nmwg/tools/snmp/2.0</nmwg:eventType></nmwg:metadata><nmwg:data metadataIdRef="metadata.10999887" id="data.4053856"><nmwg:key><nmwg:parameters id="params.0"><nmwg:parameter name="maKey">494a554b8ee81bb274aeba15f4746c75</nmwg:parameter></nmwg:parameters></nmwg:key></nmwg:data><nmwg:metadata xmlns:nmwg="http://ggf.org/ns/nmwg/base/2.0/" xmlns:netutil="http://ggf.org/ns/nmwg/characteristic/utilization/2.0/" xmlns:nmwgt="http://ggf.org/ns/nmwg/topology/2.0/" id="metadata.11303915" metadataIdRef="m-in-utilization-1"><netutil:subject id="s-in-utilization-1"><nmwgt:interface><nmwgt:ifAddress type="ipv4">200.143.254.60</nmwgt:ifAddress><nmwgt:ipAddress type="ipv4">200.143.254.60</nmwgt:ipAddress><nmwgt:hostName>POA</nmwgt:hostName><nmwgt:ifName>ge-2/3/4.747</nmwgt:ifName><nmwgt:ifDescription>cipo.rnp.br-41</nmwgt:ifDescription><nmwgt:ifIndex>640</nmwgt:ifIndex><nmwgt:direction>in</nmwgt:direction><nmwgt:capacity>1000000000</nmwgt:capacity></nmwgt:interface></netutil:subject><nmwg:parameters id="p-in-utilization-1"><nmwg:parameter name="supportedEventType">http://ggf.org/ns/nmwg/characteristic/utilization/2.0</nmwg:parameter><nmwg:parameter name="supportedEventType">http://ggf.org/ns/nmwg/tools/snmp/2.0</nmwg:parameter></nmwg:parameters><nmwg:eventType>http://ggf.org/ns/nmwg/characteristic/utilization/2.0</nmwg:eventType><nmwg:eventType>http://ggf.org/ns/nmwg/tools/snmp/2.0</nmwg:eventType></nmwg:metadata><nmwg:data metadataIdRef="metadata.11303915" id="data.7583620"><nmwg:key><nmwg:parameters id="params.0"><nmwg:parameter name="maKey">f2e838430f1ba5631befc5c3b6fde9f0</nmwg:parameter></nmwg:parameters></nmwg:key></nmwg:data><nmwg:metadata xmlns:nmwg="http://ggf.org/ns/nmwg/base/2.0/" xmlns:netutil="http://ggf.org/ns/nmwg/characteristic/utilization/2.0/" xmlns:nmwgt="http://ggf.org/ns/nmwg/topology/2.0/" id="metadata.1521361" metadataIdRef="m-out-utilization-1"><netutil:subject id="s-out-utilization-1"><nmwgt:interface><nmwgt:ifAddress type="ipv4">200.143.254.60</nmwgt:ifAddress><nmwgt:ipAddress type="ipv4">200.143.254.60</nmwgt:ipAddress><nmwgt:hostName>POA</nmwgt:hostName><nmwgt:ifName>ge-2/3/4.747</nmwgt:ifName><nmwgt:ifDescription>cipo.rnp.br-41</nmwgt:ifDescription><nmwgt:ifIndex>640</nmwgt:ifIndex><nmwgt:direction>out</nmwgt:direction><nmwgt:capacity>1000000000</nmwgt:capacity></nmwgt:interface></netutil:subject><nmwg:parameters id="p-out-utilization-1"><nmwg:parameter name="supportedEventType">http://ggf.org/ns/nmwg/characteristic/utilization/2.0</nmwg:parameter><nmwg:parameter name="supportedEventType">http://ggf.org/ns/nmwg/tools/snmp/2.0</nmwg:parameter></nmwg:parameters><nmwg:eventType>http://ggf.org/ns/nmwg/characteristic/utilization/2.0</nmwg:eventType><nmwg:eventType>http://ggf.org/ns/nmwg/tools/snmp/2.0</nmwg:eventType></nmwg:metadata><nmwg:data metadataIdRef="metadata.1521361" id="data.16525246"><nmwg:key><nmwg:parameters id="params.0"><nmwg:parameter name="maKey">a8f13dfce38361af9a771059a5218df3</nmwg:parameter></nmwg:parameters></nmwg:key></nmwg:data></nmwg:message>  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

Reassinar Certificado

NOTAS IMPORTANTES:

→ Utilizar a AC do PoP, a mesma utilizada na implantação do serviço

→ SENHAS:
            SENHA_KEYSTORE = Senha definida por cada domínio
            SENHA_ALIAS = password

→ OBSERVAÇÃO RELEVANTE: SENHA_ALIAS deve ser a palavra password

 

1. Mudar diretório

# cd /opt/OSCARS-client-api/examples/repo

2. Mover requisição de certificado

# mv monitoramento.csr monitoramento.csr-2013-03-26

3. Verificar validade do certificado

# openssl x509 -in 21_monitoramento[-pop-xx-]cipo-rnp-br-pem-v2.cer -noout -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 33 (0x21)
Signature Algorithm: sha1WithRSAEncryption
Issuer: CN=AC-SSL da ICPEDU, ST=Distrito Federal, C=BR/emailAddress=gopac@icp.edu.br, O=ICPEDU, O=RNP, L=Brasilia
Validity
Not Before: Mar 14 16:48:53 2012 GMT
Not After : Mar 14 16:48:53 2013 GMT
Subject: CN=monitoramento.cipo.rnp.br, ST=RJ, C=BR, O=ICPEDU, OU=RNP, L=Rio de Janeiro
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:80:1b:6b:0b:16:12:0f:bb:6c:09:c2:88:7f:b6:
1f:8d:97:c0:c6:74:bd:49:37:98:50:4e:83:0c:21:
f4:22:f9:15:be:56:95:9b:4a:3e:1b:54:ad:ba:64:
b8:e0:7f:68:5d:97:50:ce:85:8f:9d:62:f3:b0:db:
12:70:ca:46:cc:f3:66:e0:9b:63:19:77:b0:7d:92:
e0:31:98:15:ee:d1:65:73:ba:88:f8:bc:59:7f:9a:
37:c3:24:93:03:35:1f:46:ee:bc:83:14:cc:4e:81:
31:8e:c8:4d:cc:f1:87:86:3e:a6:f4:db:99:d9:0e:
95:1b:f3:a9:8c:1c:dc:b6:0f:98:f3:64:b7:c2:9b:
8c:b4:68:d8:6b:74:e0:a2:a2:0c:b4:3c:b9:3c:69:
1b:b1:e4:a5:82:a8:79:38:48:8a:da:b9:b7:a2:f7:
ca:98:8e:ca:54:8c:c4:1a:c5:f5:09:f7:f7:88:ab:
51:37:04:91:6e:e4:94:78:1d:4b:a4:15:d8:ea:63:
70:ae:66:32:54:76:42:cc:87:f1:8e:ba:16:ca:90:
6a:c8:52:9b:5b:4a:5c:63:32:c5:c5:77:90:6e:92:
aa:09:4e:3f:34:7a:11:3a:e2:3f:43:77:51:05:d2:
e8:4e:f6:8c:42:49:48:94:d7:8b:18:da:84:60:cc:
d1:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Authority Key Identifier:
keyid:A6:6B:07:CA:16:47:E9:FA:6D:40:5C:30:F6:B0:4C:D2:95:0E:BB:98
DirName:/C=BR/O=RNP/O=ICPEDU/OU=GOPAC/CN=AC Raiz ICPEDU/ST=DF/L=Brasilia/emailAddress=gopac@icp.edu.br
serial:07
X509v3 Subject Key Identifier:
DE:B0:FC:3F:B1:75:DC:6A:C5:A8:B6:8F:89:1B:40:8C:6C:6B:8F:9B
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 CRL Distribution Points:
URI:http://ac-ssl.icp.edu.br/repositorio/lcr-ac-ssl.crl
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.15996.1.1.3.0.8
CPS: http://ac-ssl.icp.edu.br/repositorio/pc-dpc-ac-ssl-20091015.pdf
User Notice:
Explicit Text: Os certificados da ICPEDU sao para uso exclusivo por instituicoes brasileiras de ensino e pesquisa, e nao tem eficacia probante.
Signature Algorithm: sha1WithRSAEncryption
05:d5:e3:5a:54:da:22:8f:fe:9f:88:b3:f5:9a:d0:f5:98:0f:
a5:41:b2:d0:4a:95:57:d5:19:31:95:d7:df:32:e9:17:58:86:
18:67:3f:26:fa:aa:29:c4:c3:d5:cf:23:e5:c1:62:26:b9:57:
4f:ce:e1:b4:1f:b5:b7:dd:62:11:f2:96:b0:e8:c1:77:7d:89:
cf:0a:f7:5a:d5:84:4e:b4:59:07:f7:ab:27:0b:88:5c:ef:b5:
a9:83:83:b6:54:11:85:57:ba:8c:8e:69:d4:00:8d:cd:15:e1:
2c:ce:ea:f9:76:d8:19:67:75:0e:20:5d:81:e7:1c:df:87:8c:
79:32:d8:a8:f4:57:63:35:da:b1:f2:56:64:55:5e:62:9d:c3:
da:92:3e:fd:49:80:bc:9a:ef:d6:38:d8:16:a1:03:ac:36:75:
37:aa:64:a9:ac:d0:98:38:cd:2a:30:08:33:69:e7:1d:07:79:
59:3b:49:a0:4a:bb:a5:89:ce:82:56:9e:61:b5:fd:54:96:93:
87:94:e4:d5:d0:41:f6:37:f3:25:e0:8c:67:79:88:a1:e7:97:
f6:bc:1a:9e:8d:77:5f:b3:d1:33:e1:be:ae:38:32:46:80:ff:
60:e0:8c:bd:06:f9:92:1e:bc:75:fb:3c:eb:0d:20:0a:60:d5:
83:95:97:a2

4. Remover entrada no keystore

# keytool -keystore OSCARS.jks -delete
Enter alias name: monitoramento
Enter keystore password:
You have new mail in /var/mail/root

5. Recriar entrada no keystore

# keytool -genkey -alias monitoramento -keystore OSCARS.jks -keyalg rsa
Enter keystore password:
What is your first and last name?
[Unknown]: monitoramento[.pop-xx].cipo.rnp.br
What is the name of your organizational unit?
[Unknown]: RNP
What is the name of your organization?
[Unknown]: ICPEDU
What is the name of your City or Locality?
[Unknown]: Cidade
What is the name of your State or Province?
[Unknown]: XX
What is the two-letter country code for this unit?
[Unknown]: BR
Is CN=monitoramento.pop-xx.cipo.rnp.br, OU=RNP, O=ICPEDU, L=Cidade, ST=XX, C=BR correct?
[no]: yes
Enter key password for <monitoramento>
(RETURN if same as keystore password):
Re-enter new password:

6. Verificar entrada no keystore

# cd /opt/OSCARS-client-api/examples/repo
# keytool -keystore OSCARS.jks -list
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 3 entries
ac-ssl-icpedu, Mar 14, 2012, trustedCertEntry,
Certificate fingerprint (SHA1): 60:CC:9E:1E:F6:B4:0D:88:29:0B:31:89:0B:3F:A0:04:A6:FF:1D:4D
ac-raiz-icpedu, Mar 14, 2012, trustedCertEntry,
Certificate fingerprint (SHA1): 53:9E:DC:E8:7F:5D:4E:8F:51:71:58:AA:1E:FB:11:6D:69:D8:7E:53
monitoramento, Mar 26, 2013, PrivateKeyEntry,
Certificate fingerprint (SHA1): 00:65:34:2C:DE:D2:77:F5:ED:D2:7E:31:B1:EA:5A:9F:D8:25:FF:A3

7. Gerar requisição de assinatura do certificado recém gerado

# keytool -certreq -alias monitoramento -keystore OSCARS.jks -file monitoramento.csr
Enter keystore password:
Enter key password for <monitoramento>

8. Assinar o Certificado

Assinar na unidade certtificadora ou enviar para RNP realizar o procedimento de assinação.

9. Importar novo certificado após assinar

# cd /opt/OSCARS-client-api/examples/repo
# keytool -import -keystore OSCARS.jks -alias monitoramento -file monitoramento.cer Enter keystore password:
Enter key password for <monitoramento>
Certificate reply was installed in keystore root@RNP-MON-DCN:/opt/OSCARS-client-api/examples/repo# keytool -keystore OSCARS.jks -list Enter keystore password:
 
Keystore type: JKS
Keystore provider: SUN
 
Your keystore contains 3 entries
 
ac-ssl-icpedu, Mar 14, 2012, trustedCertEntry, Certificate fingerprint (SHA1): 60:CC:9E:1E:F6:B4:0D:88:29:0B:31:89:0B:3F:A0:04:A6:FF:1D:4D
ac-raiz-icpedu, Mar 14, 2012, trustedCertEntry, Certificate fingerprint (SHA1): 53:9E:DC:E8:7F:5D:4E:8F:51:71:58:AA:1E:FB:11:6D:69:D8:7E:53
monitoramento, Mar 26, 2013, PrivateKeyEntry, Certificate fingerprint (SHA1): 04:C6:AC:20:43:51:7C:E3:C2:F5:37:36:14:AD:2A:19:89:70:A3:A0

 

 

  • No labels