Grid Certificate

From Etp
Jump to: navigation, search

The following steps are needed to get a Grid certificate

  1. Use the GridKa web interface to request a personal certificate.
    • In addition and if it is the first time you ask for the certificate, you have to fill out this form and present it with your personal ID to one for our Grid RAs (currently Guenter Duckeck or Christoph Mitterer).
    • You will receive several automatic notification mails from GridKa before you finally receive a mail from GridKa with a web-link to your certificate in p12 format (alternative (non recommended) methods are described here.)
  2. Download the certificate using the same browser you used to issue the request. The certificate will automatically be imported into your browser. Export the certificate to your local directory ~/.globus on the etp cluster. With Firefox click through 'Edit - Preferences - Advanced -Encryption, Certificates - View Certificates'. Select the GermanGrid certificate and click backup to save the file in p12 format (e.g. use path ~/.globus/usercert.p12).

It is important that you use the same naming convention as described here. You need to provide a password for encryption which need to entered for the conversion steps below. Detailed help (in German) can be found here (select 'Hilfeseiten').

  1. Extract the certificate and the key into pem format. Here we assume that the p12-certificate file is ~/.globus/usercert.p12 and you are logged in on the etp cluster and changed directory to ~/.globus.
    • Extract the public certificate with:
      openssl pkcs12 -clcerts -nokeys -in usercert.p12 -out usercert.pem (You will be asked for the password you defined when exporting the p12 file.)
    • Extract the private key:
      openssl pkcs12 -nocerts -in usercert.p12 -out userkey.pem (You will be asked for the password you defined when exporting the p12 file and to define a new passphrase for your key.)
    • Check for the correct read/write file permissions, which should be as follows:
      -rw-r--r-- 1 Thomas.Nunnemann campususer 1911 Jan 16 14:57 usercert.pem
      -r-------- 1 Thomas.Nunnemann campususer 1138 Jan 16 14:59 userkey.pem
  2. For using your grid certificate, it is necessary to join a virtual organisation. (See Join a VO)
  3. Detailed help (in German) can be found from here (select 'Hilfeseiten')