====== New certificate installation howto ======

Stesps to be done when a new service certificate has to be installed:

On the 3 HAproxy nodes: concatenate the cert and key in a single file that must be called '/etc/grid-security/hostcertkey.pem' and must have the following ownership and protections:

<code>
-rw-------. 1 root root 3364 Mar 26 14:36 /etc/grid-security/hostcertkey.pem
</code>

Then restart the haproxy service:

<code bash>
service haproxy restart
</code>

On the two controller nodes, install the cert and key files as:

<code>
-rw-r--r-- 1 root root 1657 Mar 26 15:02 /etc/grid-security/hostcert.pem
-r-------- 1 root root 1708 Mar 26 15:02 /etc/grid-security/hostkey.pem
-rw-r--r-- 1 shibd shibd 1657 Mar 26 15:02 /etc/shibboleth/sp-cert.pem
-rw------- 1 shibd shibd 1708 Mar 26 15:02 /etc/shibboleth/sp-key.pem
</code>

Please note the ownerships and protections. 

Then restart sshd and shibd:

<code bash>
service httpd restart
service shibd restart
</code>