This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
users:taarre:cert [2014/05/05 15:20] – created taarre | users:taarre:cert [2019/10/24 17:18] (current) – [Installation of the certificate] iwn | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Installation of the certificate ====== | + | ====== |
+ | |||
+ | ==== Getting a Grid certificate ==== | ||
+ | Follow the steps at [[https:// | ||
+ | [[https:// | ||
+ | |||
+ | ==== Getting a new Grid certificate when having an old one ==== | ||
+ | * Request new certificate [[https:// | ||
+ | * Install it in your browser with the link you get | ||
+ | * Backup by Preferences--> | ||
+ | * If you have an existing cert+key pair in your .globus/ folder, rename the old ones as eg. userkey.pem_old and keep in the globus folder | ||
+ | * After having extracted cert+key, remember to copy your new certificates to where you need then (PSI, lxplus, private computer...) by copying the .globus/ folder. Remember to set the permissions again and rename the old .globus/ folder before copying the new one! | ||
+ | * To register the new certificate with the CMS vo registration, | ||
+ | * At [[https:// | ||
+ | * Once the new certificate is approved, you can make it your primary certificate by going to Member Info--> | ||
+ | |||
+ | |||
+ | ==== Installation of the certificate | ||
After the successful application, | After the successful application, | ||
- | - Export or ' | ||
- | - Copy the file to the user's home directory. | ||
- | - Create a directory in the user's home directory: | ||
- | - | ||
- | - Extract the certificate creating a public and a private key file replacing YourCert.p12 with the filename chosen during step 1:openssl pkcs12 -in YourCert.p12 -clcerts -nokeys -out $HOME/ | ||
- | - openssl pkcs12 -in YourCert.p12 -nocerts -out $HOME/ | ||
- | - The user will be asked to define a passphrase during this step. This passphrase has to be entered every time a proxy is created from the certificate. For security reasons, an empty passphrase is not adviseable. | ||
- | - Set the access mode on your userkey.pem and usercert.pem files:chmod 400 $HOME/ | ||
- | - chmod 600 $HOME/ | ||
- | - | ||
- | - Further protection of the $HOME/ | ||
- | - | ||
- | - If the $HOME/ | ||
- | The user's GRID certificate (usercert.pem and userkey.pem) can be copied to every other machine to access the GRID by transporting the$HOME/ | ||
- | [[(https://twiki.cern.ch/twiki/bin/view/Main/CRABPrerequisitesGRIDCredentials)|CRABPrerequisitesGRIDCredentials]] | + | Export or ' |
+ | |||
+ | Copy the file to the user's home directory. | ||
+ | |||
+ | Create a directory in the user's home directory | ||
+ | mkdir $HOME/ | ||
+ | Extract the certificate creating a public and a private key file replacing YourCert.p12 with the filename chosen during step 1: | ||
+ | openssl pkcs12 -in YourCert.p12 -clcerts -nokeys -out $HOME/.globus/usercert.pem | ||
+ | openssl pkcs12 -in YourCert.p12 -nocerts -out $HOME/.globus/userkey.pem | ||
+ | The user will be asked to define a passphrase during this step. This passphrase has to be entered every time a proxy is created from the certificate. For security reasons, an empty passphrase is not adviseable. | ||
+ | |||
+ | Set the access mode on your userkey.pem and usercert.pem files | ||
+ | chmod 400 $HOME/.globus/userkey.pem | ||
+ | chmod 600 $HOME/.globus/ | ||
+ | Further protection of the '' | ||
+ | chmod go-rx $HOME/ | ||
+ | If the '' | ||
+ | fs setacl -dir $HOME/ | ||
+ | The user's GRID certificate (usercert.pem and userkey.pem) can be copied to every other machine to access the GRID by transporting the '' |