I've been toying with using a service cert to connect to my AG2.2 venues server. I was confused at first when I would set the service cert as the default and then run VenueServer.py. I was unable to use the VenueManagement.py app to connect to the venue server. Mind you this was done with no previous .dat or .cfg files for the venue server. So I thought I'd try using the identity cert. Setting the ID cert as the default and restarting the venue server allowed me to connect with the VenueManagement.py app using the ID cert. I was then able to add the DN for the Service cert and restart everything with the service cert.
This brings a couple questions to mind. Should the service cert be added to the admins in the first place? Are there any inherent security risks? One might need to change something and only have the localhost available at the moment to make the change. Would it work to install an ID cert and a service cert, set things up and run the venue server with the service cert and then switch the default back to the ID cert? This way when you run the VM app you use the ID cert but the server is still running the service cert. You wouldn't necessarily need to give the service cert admin privileges. Should one just run the server with the ID cert and set the proxy to expire in 8747 hours? This has ramifications when rebooting but that would be simple enough to work out. At this point I'm leaning towards having both ID and service certs installed on the server and running under the service cert and setting the ID cert as default. Then leaving the service cert out of the admin group. I'm just wondering if this is the most efficient/flexible way of running things. Any other thoughts? Thanx, Michael Miller System Engineer Visualization Technology Support Computing and Data Management National Center for Supercomputing Applications University of Illinois - UC 217-649-0747 "If you're clear in your vision and trust the people in your team with clear objectives, they will invariably do their best to achieve everything desired, and usually deliver everything you could have hoped for and even more." -Paul Debevec
