cern:certificates

Differences

This shows you the differences between two versions of the page.

cern:certificates [2013/07/23 09:38] nchiapcern:certificates [2014/07/22 21:10] (current) – [New Certificate Authority] nchiap
Line 29: Line 29:
  
  
-=====Getting Started (generate first key pair and certificate===== +===== Obtaining a key-pair and certificate from CERN =====
-First you will need to generate a key pair and prepare a certificate request. +
-For this you log into lxplus and change to the **private** directory. There you run  +
-  openssl req -new -out myrequest.csr # request a new certificate and  store it in myrequest.csr +
-Since you specified no private key the command above generates a private key first.  +
-You get asked for a password to secure your private key with.  +
-Choose a good one and do not forget it. +
-After that you can provide additional information about yourself if you want.  +
-You can just press enter if you want. +
-When done you have two files in your current directory. **privkey.pem** will contain your private key,  +
-**myreqeust.csr** contains the certificate request.+
  
-The next step is to get the certificate request signed by the Certificate Authority. 
-Select [[https://ca.cern.ch/ca/Certificates/reqtxts.aspx|Request or renew user certificate manually]] on [[https://ca.cert.ch]]. 
-After you passed the identity check a from with one large text box will be shown to you. 
-Copy and paste the content of myrequest.csr into the form. 
  
-After submitting the form you get back **.cer** file containing your certificate +==== New Certificate Authority ==== 
-I recommend you safe this under something like ''cert_YYYY-MM-DD.cer''.+  - Request [[https://gridca.cern.ch/gridca/user/Request.aspx | new user Certificate.]] (use Firefox, this may not work other browsers) 
 +  Follow [[https://gridca.cern.ch/gridca/Help/?kbid=024010 | How to use your certificate with grid-proxy-init.]]
  
-=====Preparing for Grid Usage (on lxplus)===== 
-To use your certificate for the grid you need to copy the two files in ~/.globus with the following names: 
-  certificat: usercert.pem 
-  privat key: userkey.pem  
-It is a good idea to create a symbolic link instead of a copy.  
-This helps you to know which certificate you actually use.  
  
-You can then test your setup by calling 
-  lhcb-proxy-init 
- 
-=====Obtaining  a New Certificate (renewal)===== 
-You can not really renew an old certificate.  
-Instead you need to acquire a new certificate for your existing key-pair. 
-  openssl req -new -key privkey.pem # request a new certificate using your private key 
- 
-The next step is now again to [[https://ca.cern.ch/ca/Certificates/reqtxts.aspx|copy and paste the certificat request]] into the form of the Authority. 
-Again you get a signed certificate back and store it with a helpful name. 
-Probably you will then want to update your files in ~/.globus, so copy the **.cer** into that directory and replace the symlink for ''usercert.pem''. 
  
 =====other useful things ===== =====other useful things =====
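Review bot: In the new "New Certificate Authority" list, the second item ("  Follow [[...]]") has no "-" marker, so as written DokuWiki treats the two-space-indented line as preformatted text instead of step 2 and the link markup is not rendered; give it the same "  - " prefix as the "Request" item above it. The parenthetical "this may not work other browsers" is also missing "in". Separately, the removed text told users that the private key is protected by a password and that the grid tools expect ''usercert.pem'' and ''userkey.pem'' in ~/.globus, with lhcb-proxy-init as the check; the replacement leaves all of that to the two gridca.cern.ch links, so consider keeping a short summary of the file names and the test command under the new heading.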
Line 96: Line 66:
   * [[http://www.madboa.com/geek/openssl/]]   * [[http://www.madboa.com/geek/openssl/]]
   * [[http://ca.cern.ch/]]   * [[http://ca.cern.ch/]]
- +  * [[https://twiki.cern.ch/twiki/bin/view/LHCb/FAQ/Certificate]] 
 +  * [[https://lcg-voms.cern.ch:8443/vo/lhcb/vomrs]]
 ====== Outdated ====== ====== Outdated ======
 The explanation below is outdated.  The explanation below is outdated. 
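Review bot: The two added entries in the link list are bare URLs, so a reader cannot tell what the LHCb twiki FAQ page or the lcg-voms.cern.ch:8443 page is for without following them; add a label using the "[[url|label]]" form already used for the gridca.cern.ch links in this revision. While this list is being edited, the unchanged "[[http://ca.cern.ch/]]" entry could be switched to https, which the page already used for ca.cern.ch in the removed request link.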
cern/certificates.1374565120.txt.gz · Last modified: by nchiap