Differences

This shows you the differences between two versions of the page.

--- cern:certificates [2011/10/03 14:05] – [Certificates] nchiap
+++ cern:certificates [2014/07/22 21:10] (current) – [New Certificate Authority] nchiap
@@ Line 28: / Line 28: @@
 CERN has its own Certificate Authority. You find its website under [[https://ca.cern.ch]].
+===== Obtaining a key-pair and certificate from CERN =====
+==== New Certificate Authority ====
+  - Request a [[https://gridca.cern.ch/gridca/user/Request.aspx | new user Certificate.]] (use Firefox, this may not work other browsers)
+  - Follow [[https://gridca.cern.ch/gridca/Help/?kbid=024010 | How to use your certificate with grid-proxy-init.]]
+=====other useful things =====
+====print public key====
+from your private key you can generate the corresponding public key
+  openssl rsa -in privkey.pem -pubout
+====print certificate details====
+you can print all the information stored in your certificate
+  openssl x509 -text -noout -in certificate.pem
+==== create a pkcs12 file (used by web-browsers) ====
+(tested with Firefox and Opera)
+To use the certificate for authentication on websites you need to combine the certificate and the private-key into a pkcs12 file
+  openssl pkcs12 -export -inkey privkey.pem -in certificate.cer -out combined.p12
+You can then import this file into the certificate configuration of your browser
+(Firefox: edit > preferences > advanced > view certificates)
+==== export from a pkcs12 file====
+export the certificate
+  openssl pkcs12 -clcerts -nokeys -in combined.p12 -out certificat.pem
+export the private key
+  openssl pkcs12 -nocerts -in combined.p12 -out privkey.pem
+if you work on a SLC machine, you can also use a special script for this:
+  cert-convert.sh combined.p12
+===== Useful Links=====
+  * [[http://www.madboa.com/geek/openssl/]]
+  * [[http://ca.cern.ch/]]
+  * [[https://twiki.cern.ch/twiki/bin/view/LHCb/FAQ/Certificate]]
+  * [[https://lcg-voms.cern.ch:8443/vo/lhcb/vomrs]]
+====== Outdated ======
+The explanation below is outdated.
+CERN does not sign certificate requests for existing keys any longer.
+You will have to generate a new pair with a private-key and certificate every year.
 =====Getting Started (generate a first key pair and certificate) =====
@@ Line 66: / Line 110: @@
 The next step is now again to [[https://ca.cern.ch/ca/Certificates/reqtxts.aspx|copy and paste the certificat request]] into the form of the Authority.
 Again you get a signed certificate back and store it with a helpful name.
-Probably you will then want to update your files in ~/.globus.
+Probably you will then want to update your files in ~/.globus, so copy the **.cer** into that directory and replace the symlink for ''usercert.pem''.
-=====other useful things =====
-====print public key====
-from your private key you can generate the corresponding public key
-  openssl rsa -in privkey.pem -pubout
-====print certificate details====
-you can print all the information stored in your certificate
-  openssl x509 -text -noout -in certificate.pem
-==== create a pkcs12 file (used by web-browsers) ====
-(tested with Firefox and Opera)
-To use the certificate for authentication on websites you need to combine the certificate and the private-key into a pkcs12 file
-  openssl pkcs12 -export -inkey privkey.pem -in certificate.cer -out combined.p12
-You can then import this file into the certificate configuration of your browser
-(Firefox: edit > preferences > advanced > view certificates)
-==== export from a pkcs12 file====
-export the certificate
-  openssl pkcs12 -nokeys -in combined.p12 -out certificat.pem
-export the private key
-  openssl pkcs12 -nocerts -in combined.p12 -out privkey.pem
-===== Useful Links=====
-  * [[http://www.madboa.com/geek/openssl/]]
-  * [[http://ca.cern.ch/]]

Physik-Institut

LHCb Wiki Pages

Differences

Physik-Institut

LHCb Wiki Pages

User Tools

Site Tools

Differences

Page Tools