Replacing Certificates

CANN V100R020C10 Development Auxiliary Tool Guide (Inference) 01

Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).

Ascend EP Scenario
Ascend RC Scenario

Ascend EP Scenario

Prerequisites

Before replacing a certificate, rename the key and certificate files obtained in Applying to a Third-Party Organization for a Certificate (Commercialization). The mapping between the names before and after renaming is as follows.

Table 10-14 Key and certificate files

Original Name	New Name
server.key	ide_daemon_server_key.pem
server.crt	ide_daemon_server_cert.pem
client.key	ide_daemon_client_key.pem
client.crt	ide_daemon_client_cert.pem
ca.crt	ide_daemon_cacert.pem

Procedure

Before replacing a certificate, you are advised to back up the original certificate and key. After the certificate is replaced, delete the backup files.

Generate the corresponding readable *.secu and *.store files of the character string encryption files ide_daemon.secu and ide_daemon.store.
1. Configure the environment by referring to Preparing the Ascend EP Environment.
2. Log in to the server installed with Toolkit as the running user..
  
  In the following content, the HwHiAiUser is used as the running user of the Toolkit component. If another user is specified during Toolkit installation, replace HwHiAiUser with the specified user.
3. Run the following command to generate character string encryption files ide_daemon.secu and ide_daemon.store in the current directory:
  Ensure that the HwHiAiUser user has the write permission on the directory where the command is run.
  In commercial use, enter the password as prompted and set the password as required.
```
adc --key
```
4. Run the following commands to generate the readable *.secu and *.store files of the ide_daemon.secu and ide_daemon.store files, respectively:
```
openssl base64 -out secu -in  ide_daemon.secu
openssl base64 -out store -in  ide_daemon.store
```
Replace the key and certificate on the host.
- ~ indicates the home directory of the ada process running user.
- You can run the ps -ef | grep ada command to view the running user of the ada process as the same user who replaces the certificate and restarts the ada process.
1. Copy the ide_daemon_server_key.pem, ide_daemon_server_cert.pem, ide_daemon_cacert.pem files renamed in Prerequisites to replace the corresponding files in the ~/ide_daemon directory as the ada process running user (HwHiAiUser by default).
2. Log in to the host as the ada process running user (HwHiAiUser by default).
3. Go to the ~/ide_daemon directory. Open the ide_daemon.cfg file, change the value of SECU to the content in the *.secu file generated in 1, change the value of STORE to the content in the *.store file generated in 1, and save the ide_daemon.cfg file.
  You need to combine multiple lines of character strings in the *.secu file into one line and set the combined character string to the SECU parameter. Similarly, combine multiple lines of character strings in the *.store file into one line and set the combined character string to the STORE parameter.
4. Run the following command to check whether the certificates are valid:
```
openssl verify -CAfile ide_daemon_cacert.pem  ide_daemon_server_cert.pem
```
5. Restart the ada process for the new certificate to take effect. For details, see How Do I Restart the ada Process?.
Replace the key and certificate on the server where Toolkit is installed.
1. Copy the ide_daemon_client_key.pem, ide_daemon_client_cert.pem, and ide_daemon_cacert.pem files in Prerequisites to the /home/HwHiAiUser/Ascend/ascend-toolkit/latest/toolkit/tools/ide_daemon/conf directory as the HwHiAiUser user (running user of Toolkit).
2. Log in to the server installed with Toolkit as the running user..
3. Go to the /home/HwHiAiUser/Ascend/ascend-toolkit/latest/toolkit/tools/ide_daemon/conf directory. Open the ide_daemon.cfg file, change the value of SECU to the content in the *.secu file generated in 1, change the value of STORE to the content in the *.store file generated in 1, and save the ide_daemon.cfg file.
  You need to combine multiple lines of character strings in the *.secu file into one line and set the combined character string to the SECU parameter. Similarly, combine multiple lines of character strings in the *.store file into one line and set the combined character string to the STORE parameter.
4. Run the following command to check whether the certificates are valid:
```
openssl verify -CAfile ide_daemon_cacert.pem  ide_daemon_client_cert.pem
```

Ascend RC Scenario

Prerequisites

Table 10-15 Key and certificate files

Original Name	New Name
server.key	ide_daemon_server_key.pem
server.crt	ide_daemon_server_cert.pem
client.key	ide_daemon_client_key.pem
client.crt	ide_daemon_client_cert.pem
ca.crt	ide_daemon_cacert.pem

Procedure

Before replacing a certificate, you are advised to back up the original certificate and key. After the certificate is replaced, delete the backup files.

Generate the corresponding readable *.secu and *.store files of the character string encryption files ide_daemon.secu and ide_daemon.store.
1. Log in to the developer board as the HwHiAiUser user.
2. Run the following command to generate character string encryption files ide_daemon.secu and ide_daemon.store in the current directory:
  Ensure that the HwHiAiUser user has the write permission on the directory where the command is run.
  In commercial use, enter the password as prompted and set the password as required.
```
./adc --key
```
3. Run the following commands to generate the readable *.secu and *.store files of the ide_daemon.secu and ide_daemon.store files, respectively:
```
openssl base64 -out secu -in  ide_daemon.secu
openssl base64 -out store -in  ide_daemon.store
```
Replace the key and certificate on the developer board.
- ~ indicates the home directory of the ada process running user.
- You can run the ps -ef | grep ada command to view the running user of the ada process. The same user used to replace the certificate and restart the ada process must be the same.
1. Copy the files renamed in Prerequisites to replace the corresponding files in the ~/ide_daemon and /var directories as the HwHiAiUser user.
2. Log in to the developer board as the HwHiAiUser user.
3. Go to the ~/ide_daemon directory. Open the ide_daemon.cfg file, change the value of SECU to the content in the *.secu file generated in 1, change the value of STORE to the content in the *.store file generated in 1, and save the ide_daemon.cfg file.
  You need to combine multiple lines of character strings in the *.secu file into one line and set the combined character string to the SECU parameter. Similarly, combine multiple lines of character strings in the *.store file into one line and set the combined character string to the STORE parameter.
4. Run the following command to check whether the certificates are valid:
```
openssl verify -CAfile ide_daemon_cacert.pem  ide_daemon_client_cert.pem
openssl verify -CAfile ide_daemon_cacert.pem  ide_daemon_server_cert.pem
```
5. Go to the /var directory. Open the ide_daemon.cfg file, change the value of SECU to the content in the *.secu file generated in 1, change the value of STORE to the content in the *.store file generated in 1, and save the ide_daemon.cfg file.
  You need to combine multiple lines of character strings in the *.secu file into one line and set the combined character string to the SECU parameter. Similarly, combine multiple lines of character strings in the *.store file into one line and set the combined character string to the STORE parameter.
6. Run the following command to check whether the certificates are valid:
```
openssl verify -CAfile ide_daemon_cacert.pem  ide_daemon_client_cert.pem
openssl verify -CAfile ide_daemon_cacert.pem  ide_daemon_server_cert.pem
```
7. Restart the ada process for the new certificate to take effect. For details, see How Do I Restart the ada Process?.
Replace the key and certificate on the server where the Toolkit component is installed. (If the Toolkit component is not installed, skip this step.)
1. Copy the ide_daemon_client_key.pem, ide_daemon_client_cert.pem, and ide_daemon_cacert.pem files in Prerequisites to the /home/HwHiAiUser/Ascend/ascend-toolkit/latest/toolkit/tools/ide_daemon/conf directory as the HwHiAiUser user (running user of Toolkit).
2. Log in to the server installed with Toolkit as the running user..
3. Go to the /home/HwHiAiUser/Ascend/ascend-toolkit/latest/toolkit/tools/ide_daemon/conf directory. Open the ide_daemon.cfg file, change the value of SECU to the content in the *.secu file generated in 1, change the value of STORE to the content in the *.store file generated in 1, and save the ide_daemon.cfg file.
  You need to combine multiple lines of character strings in the *.secu file into one line and set the combined character string to the SECU parameter. Similarly, combine multiple lines of character strings in the *.store file into one line and set the combined character string to the STORE parameter.
4. Run the following command to check whether the certificates are valid:
```
openssl verify -CAfile ide_daemon_cacert.pem  ide_daemon_client_cert.pem
```

Ascend EP Scenario
Ascend RC Scenario

Translation

简体中文

Download

Updated: 2020-12-11

Document ID: EDOC1100164848

Downloads: 27

Average rating:

This Document Applies to these Products

Ascend EP Scenario

Prerequisites

Procedure

Ascend RC Scenario

Prerequisites

Procedure

Related Version

Related Documents