UZH

Physik-Institut

CMS Wiki Pages

User Tools

Site Tools

Trace:
users:taarre:cert

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
users:taarre:cert [2014/05/08 16:20] taarreusers:taarre:cert [2019/10/24 17:18] (current) – [Installation of the certificate] iwn
Line 2: Line 2:
  
 ==== Getting a Grid certificate ==== ==== Getting a Grid certificate ====
-Follow the steps at [[https://twiki.cern.ch/twiki/bin/view/Main/CRABPrerequisitesGRIDCredentials|CRABPrerequisitesGRIDCredentials]] to get your certificate. To import the certificate to your Mac follow [[https://www.racf.bnl.gov/docs/howto/grid/osxcertmgmt|these guidelines]].\\+Follow the steps at [[https://twiki.cern.ch/twiki/bin/view/Main/CRABPrerequisitesGRIDCredentials|CRABPrerequisitesGRIDCredentials]] to get your certificate. To import the certificate to your Mac follow [[https://www.racf.bnl.gov/docs/howto/grid/osxcertmgmt|these guidelines]] (Another installation guide can be found at 
 +[[https://twiki.cern.ch/twiki/bin/viewauth/CMS/DQMGUIGridCertificate|Grid Certificate installation instructions ]]).\\
  
 ==== Getting a new Grid certificate when having an old one ==== ==== Getting a new Grid certificate when having an old one ====
Line 17: Line 18:
 ==== Installation of the certificate ==== ==== Installation of the certificate ====
  
-After the successful application, the certificate has to be installed in the user's home directory following these instructions:\\ +After the successful application, the certificate has to be installed in the user's home directory following these instructions: 
-Export or 'backup' the certificate from the browser used for the application. The interface for this varies from browser to browser. The exported file will probably have the extension .p12 or .pfx. Guard this file carefully. Store it off your computer, or remove it once you are finished with this process.\\Copy the file to the user's home directory.\\+ 
 +Export or 'backup' the certificate from the browser used for the application. The interface for this varies from browser to browser. The exported file will probably have the extension .p12 or .pfx. Guard this file carefully. Store it off your computer, or remove it once you are finished with this process. 
 + 
 +Copy the file to the user's home directory. 
 Create a directory in the user's home directory Create a directory in the user's home directory
   mkdir $HOME/.globus   mkdir $HOME/.globus
Line 24: Line 29:
   openssl pkcs12 -in YourCert.p12 -clcerts -nokeys -out $HOME/.globus/usercert.pem   openssl pkcs12 -in YourCert.p12 -clcerts -nokeys -out $HOME/.globus/usercert.pem
   openssl pkcs12 -in YourCert.p12 -nocerts -out $HOME/.globus/userkey.pem   openssl pkcs12 -in YourCert.p12 -nocerts -out $HOME/.globus/userkey.pem
-The user will be asked to define a passphrase during this step. This passphrase has to be entered every time a proxy is created from the certificate. For security reasons, an empty passphrase is not adviseable.\\+The user will be asked to define a passphrase during this step. This passphrase has to be entered every time a proxy is created from the certificate. For security reasons, an empty passphrase is not adviseable. 
 Set the access mode on your userkey.pem and usercert.pem files Set the access mode on your userkey.pem and usercert.pem files
   chmod 400 $HOME/.globus/userkey.pem    chmod 400 $HOME/.globus/userkey.pem 
   chmod 600 $HOME/.globus/usercert.pem   chmod 600 $HOME/.globus/usercert.pem
-Further protection of the $HOME/.globus directory is necessary to prevent everyone except the user to enter this directory:+Further protection of the ''$HOME/.globus'' directory is necessary to prevent everyone except the user to enter this directory:
   chmod go-rx $HOME/.globus   chmod go-rx $HOME/.globus
-If the $HOME/.globus directory holding the certificate resides in an afs home-directory, the directory has to be secured using afs-tools in addition to set the normal unix file access permissions+If the ''$HOME/.globus'' directory holding the certificate resides in an afs home-directory, the directory has to be secured using afs-tools in addition to set the normal unix file access permissions
   fs setacl -dir $HOME/.globus -acl system:anyuser l   fs setacl -dir $HOME/.globus -acl system:anyuser l
-The user's GRID certificate (usercert.pem and userkey.pem) can be copied to every other machine to access the GRID by transporting the $HOME/.globus directory. The security measures described above have to be repeated.\\+The user's GRID certificate (usercert.pem and userkey.pem) can be copied to every other machine to access the GRID by transporting the ''$HOME/.globus'' directory. The security measures described above have to be repeated.
users/taarre/cert.1399558859.txt.gz · Last modified: 2014/05/08 16:20 by taarre

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki