beautypg.com

Guralp Systems CMG-DCM User Manual

Page 47

background image

Operator's guide

If it reports that the key does not match the certificate, you may

have attempted to load a certificate valid for the wrong token.
Check the certificates you have received, and try again.

Otherwise, you may have to generate a new certificate request
and re-send to the Certification Authority.

If you issue spyrus loadcert without specifying a slot

number, as above, any running CD1.1 transmitters will be

interrupted, and you will need to restart them.

11.The token is now ready to start signing outgoing CD1.1

subframes. However, you will need to configure the format of

these subframes by editing the

/etc/cd11sf.cfg

configuration file. You can do this either directly, or using the
Web configuration interface (see Chapter 6, page 80.)

12.Any further key changes can be handled automatically over

AutoDRM. However, occasionally you may want to supersede
an existing key, or create a new key for a separate stream.

Keys are handled by a system of

key buckets. Each key bucket

consists of a list of keys and activation times. Once the
activation time for a new key passes, the previous key is

superseded, and subsequent subframes are signed by the new
key. You can have a different key bucket active for each stream,

or even several key buckets for the same stream.

Key buckets are stored in the files 0.bkt, 1.bkt, etc., within

the /etc/keybuckets directory. Each line in a key bucket file

has the format

key-id:days-since-epoch:seconds-since-day-start

where days-since-epoch is the number of days elapsed since

November 17, 1989. The CD1.1 transmitter scans this file in
order, and stops when it finds a key with an activation time in

the past (relative to the time-stamp of the data being
transmitted.) Thus, to supersede an existing key, you must place

the new entry

before the old one in the file, so that the CD1.1

transmitter will not continue signing subframes with the old

key.

To make the CD1.1 transmitter sign

all subframes with a new

key, even when backfilling, you should add the line

key-id:0:0

December 2006

47

See also other documents in the category Guralp Systems Equipment: