| |
| META TOPICPARENT |
name="WebHome" |
Grid Certificates |
| |
Preparing to Request a Certificate |
|
<
< | With the help of the user documentation, choose which browser you intend to use for requesting your certificate: you must also use this actual same browser (and
browser profile) for receiving the certificate when it is issued, so make your plans accordingly. |
>
> | With the help of the user documentation, choose which browser you intend to use for requesting your certificate: you must also use this actual same browser (and browser profile) for receiving the certificate when it is issued, so make your plans accordingly. |
| |
After submitting your request, therefore, until you have successfully received the issued certificate, do not re-install the browser, do not change its profile etc., or else your certificate will be useless. |
| |
At time of writing, browsers such as Firefox, MSIE or Mozilla are supported for requesting your certificate. |
|
<
< | Some browsers, e.g Mozilla and Firefox, have a "master password" on their certificate database. If you are sure that you never set a master password before, you will be asked to
set one at an appropriate time: this is fine - skip the rest of this paragraph. If you have previously worked with certificates in that browser or browser-profile, and thus have previously set a master password, you must remember that master password. Hint: if this applies to you, try export/backup one of your previous certificates, and verify that your master password works, before starting the application procedure. Failing this: in e.g Mozilla, if you are certain that you will never need the existing contents of your certificate store, you can override the master password with "Reset Master Password"; otherwise start a different browser profile (with e.g Mozilla's profile manager), or use an unrelated browser. |
>
> | Some browsers, e.g Mozilla and Firefox, have a "master password" on their certificate database. If you are sure that you never set a master password before, you will be asked to set one at an appropriate time: this is fine - skip the rest of this paragraph. If you have previously worked with certificates in that browser or browser-profile, and thus have previously set a master password, you must remember that master password. Hint: if this applies to you, try export/backup one of your previous certificates, and verify that your master password works, before starting the application procedure. Failing this: in e.g Mozilla, if you are certain that you will never need the existing contents of your certificate store, you can override the master password with "Reset Master Password"; otherwise start a different browser profile (with e.g Mozilla's profile manager), or use an unrelated browser. |
| |
Having selected the browser you are going to use, first carry out these preliminaries with it: follow the 'How To Guide' menu item and then install the eScience root certificate and the CA certificate as described in the 'How to get the CA root certificates' section. |
| | Your certificate identifies you. If it falls into the wrong hands, it can be used to impersonate you, so take care of it. However, it does not, in itself, entitle you to do anything. Before you can get access to facilities, you will need to register as a member of the appropriate VO.
Preparing the certificate for use with GRID |
|
<
< | Firstly make a directory called .Globus ( note '.' ). Then move your certificate .p12 or .pfx file into the .Globus directory.
You must now split the certificate into a private key, which is protected by your password and identifies you as the Grid user when you submit a job, and into a user certificate. The command for doing this is: |
| | |
|
<
< |
openssl pkcs12 -clcerts -nokeys -in cert.pfx -out usercert.pem #this creates the certificate
|
>
> | Firstly make a directory called .globus ( note '.' ). Then move your certificate .p12 or .pfx file into the .Globus directory. You must now split the certificate into a private key, which is protected by your password and identifies you as the Grid user when you submit a job, and into a user certificate. The command for doing this is:
openssl pkcs12 -clcerts -nokeys -in cert.pfx -out usercert.pem #this creates the certificate
|
| |
openssl pkcs12 -nocerts -in cert.pfx -out userkey.pem #this creates your private key
|
|
<
< | You will be asked to enter your passphrase (which you will have created when exporting your certificate) and then to enter and verify a new .pem passphrase. Having done this, your certificate should now be separated into usercert.pem and userkey.pem. |
>
> | You will be asked to enter your passphrase (which you will have created when exporting your certificate) and then to enter and verify a new .pem passphrase. Having done this, your certificate should now be separated into usercert.pem and userkey.pem. |
| |
You need to change the permissions of the .pem files that you have just created. |
Copyright © 2008-2025 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.