Difference: GridCertificates (3 vs. 4)

Revision 42016-03-20 - LouisCie

Line: 1 to 1
 
META TOPICPARENT name="WebHome"
Line: 12 to 12
 

Extracting usercert.pem and userkey.pem from a PKCS12 bundle file

Changed:
<
<
  1. Save your latest valid GRID certificate from your web browser were it was installed to a PKCS12 file, e.g. to MyCertificate.p12
    The procedure to export the certificate varies from browser to browser.
    For Firefox, the steps to follow are:
    1. Edit → Preferences → Advanced → select Certificates tab → View Certificates → Your Certificates
>
>
  1. Save your latest valid GRID certificate from your web browser were it was installed to a PKCS12 file, e.g. to MyCertificate.p12
    The procedure to export the certificate varies from browser to browser.
    For Firefox, the steps to follow are:
    1. Edit → Preferences → Advanced → select Certificates tab → View Certificates → Your Certificates
 
    1. Select the latest valid certificate to be saved and click the "Backup..." button
Changed:
<
<
    1. Save the file, e.g. as MyCertificate.p12 (You will be asked to provide a password, to be used later. Use a complex one!)
>
>
    1. Save the file, e.g. as MyCertificate.p12 (You will be asked to provide a password, to be used later. Use a complex one!)
 
  1. Transfer the file MyCertificate.p12 to your home directory at alpha.physics.uoi.gr
  2. Login to alpha.physics.uoi.gr and use the following commands (use cut&paste)
Changed:
<
<
    1. openssl pkcs12 -nocerts -in ~/MyCertificate.p12 -out ~/userkey.pem
      • you will be asked for the password used to create the PKCS12 file
>
>
    1. openssl pkcs12 -nocerts -in ~/MyCertificate.p12 -out ~/userkey.pem
      • you will be asked for the password used to create the PKCS12 file
 
      • you will then be asked to provide a PEM pass phrase for the key encryption. Use a complex one!
Changed:
<
<
    1. openssl pkcs12 -clcerts -nokeys -in ~/MyCertificate.p12 -out ~/usercert.pem
>
>
    1. openssl pkcs12 -clcerts -nokeys -in ~/MyCertificate.p12 -out ~/usercert.pem
 
      • you will be asked for the password used to create the PKCS12 file
Changed:
<
<
    1. chmod 0400 ~/userkey.pem
    2. chmod 0644 ~/usercert.pem
    3. mkdir -p ~/.globus
    4. mv -f ~/MyCertificate.p12 ~/userkey.pem ~/usercert.pem ~/.globus
  1. You may now copy the directory ~/.globus from alpha.physics.uoi.gr to any UNIX machine from where you need to access the GRID, e.g.
    scp -rp ~/.globus username@lxplus.cern.ch:
>
>
    1. chmod 0400 ~/userkey.pem
    2. chmod 0644 ~/usercert.pem
    3. mkdir -p ~/.globus
    4. mv -f ~/MyCertificate.p12 ~/userkey.pem ~/usercert.pem ~/.globus
  1. You may now copy the directory ~/.globus from alpha.physics.uoi.gr to any UNIX machine from where you need to access the GRID, e.g.
    scp -rp ~/.globus username@lxplus.cern.ch:
 

Generate a PKCS12 bundle file from existing PEM files

Changed:
<
<
To generate a PKCS12 bundle file from existing PEM files (e.g. ~/NewCertificate.p12 from ~/.globus/userkey.pem and ~/.globus/usercert.pem)
on alpha.physics.uoi.gr, use the command:
  • openssl pkcs12 -export -in ~/.globus/usercert.pem -inkey ~/.globus/userkey.pem -name "My New Certificate" -out ~/NewCertificate.p12
    • you will be asked for the PEM pass phrase used to encrypt the PEM key
>
>
To generate a PKCS12 bundle file from existing PEM files (e.g. ~/NewCertificate.p12 from ~/.globus/userkey.pem and ~/.globus/usercert.pem)
on alpha.physics.uoi.gr, use the command:
  • openssl pkcs12 -export -in ~/.globus/usercert.pem -inkey ~/.globus/userkey.pem -name "My New Certificate" -out ~/NewCertificate.p12
    • you will be asked for the PEM pass phrase used to encrypt the PEM key
 
    • you will be asked to provide an export password to be used later. Use a complex one!

-- IoannisPapadopoulos - 2009-10-27

 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2020 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback