This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
users:taarre:cert [2014/05/08 16:20] – taarre | users:taarre:cert [2019/10/24 17:18] (current) – [Installation of the certificate] iwn | ||
---|---|---|---|
Line 2: | Line 2: | ||
==== Getting a Grid certificate ==== | ==== Getting a Grid certificate ==== | ||
- | Follow the steps at [[https:// | + | Follow the steps at [[https:// |
+ | [[https:// | ||
==== Getting a new Grid certificate when having an old one ==== | ==== Getting a new Grid certificate when having an old one ==== | ||
Line 17: | Line 18: | ||
==== Installation of the certificate ==== | ==== Installation of the certificate ==== | ||
- | After the successful application, | + | After the successful application, |
- | Export or ' | + | |
+ | Export or ' | ||
+ | |||
+ | Copy the file to the user's home directory. | ||
Create a directory in the user's home directory | Create a directory in the user's home directory | ||
mkdir $HOME/ | mkdir $HOME/ | ||
Line 24: | Line 29: | ||
openssl pkcs12 -in YourCert.p12 -clcerts -nokeys -out $HOME/ | openssl pkcs12 -in YourCert.p12 -clcerts -nokeys -out $HOME/ | ||
openssl pkcs12 -in YourCert.p12 -nocerts -out $HOME/ | openssl pkcs12 -in YourCert.p12 -nocerts -out $HOME/ | ||
- | The user will be asked to define a passphrase during this step. This passphrase has to be entered every time a proxy is created from the certificate. For security reasons, an empty passphrase is not adviseable.\\ | + | The user will be asked to define a passphrase during this step. This passphrase has to be entered every time a proxy is created from the certificate. For security reasons, an empty passphrase is not adviseable. |
Set the access mode on your userkey.pem and usercert.pem files | Set the access mode on your userkey.pem and usercert.pem files | ||
chmod 400 $HOME/ | chmod 400 $HOME/ | ||
chmod 600 $HOME/ | chmod 600 $HOME/ | ||
- | Further protection of the $HOME/ | + | Further protection of the '' |
chmod go-rx $HOME/ | chmod go-rx $HOME/ | ||
- | If the $HOME/ | + | If the '' |
fs setacl -dir $HOME/ | fs setacl -dir $HOME/ | ||
- | The user's GRID certificate (usercert.pem and userkey.pem) can be copied to every other machine to access the GRID by transporting the $HOME/ | + | The user's GRID certificate (usercert.pem and userkey.pem) can be copied to every other machine to access the GRID by transporting the '' |