How to obtain a new GRID certificate

Follow the procedure described in https://access.hellasgrid.gr/register/registration_form

How to renew your GRID certificate or manage your account

Use the menus at https://access.hellasgrid.gr/account

Extracting usercert.pem and userkey.pem from a PKCS12 bundle file

  1. Save your latest valid GRID certificate from your web browser were it was installed to a PKCS12 file, e.g. to MyCertificate.p12
    The procedure to export the certificate varies from browser to browser.
    For Firefox, the steps to follow are:
    1. Edit → Preferences → Advanced → select Certificates tab → View Certificates → Your Certificates
    2. Select the latest valid certificate to be saved and click the "Backup..." button
    3. Save the file, e.g. as MyCertificate.p12 (You will be asked to provide a password, to be used later. Use a complex one!)
  2. Transfer the file MyCertificate.p12 to your home directory at alpha.physics.uoi.gr
  3. Login to alpha.physics.uoi.gr and use the following commands (use cut&paste)
    1. openssl pkcs12 -nocerts -in ~/MyCertificate.p12 -out ~/userkey.pem
      • you will be asked for the password used to create the PKCS12 file
      • you will then be asked to provide a PEM pass phrase for the key encryption. Use a complex one!
    2. openssl pkcs12 -clcerts -nokeys -in ~/MyCertificate.p12 -out ~/usercert.pem
      • you will be asked for the password used to create the PKCS12 file
    3. chmod 0400 ~/userkey.pem
    4. chmod 0644 ~/usercert.pem
    5. mkdir -p ~/.globus
    6. mv -f ~/MyCertificate.p12 ~/userkey.pem ~/usercert.pem ~/.globus
  4. You may now copy the directory ~/.globus from alpha.physics.uoi.gr to any UNIX machine from where you need to access the GRID, e.g.
    scp -rp ~/.globus username@lxplus.cern.ch:

Generate a PKCS12 bundle file from existing PEM files

To generate a PKCS12 bundle file from existing PEM files (e.g. ~/NewCertificate.p12 from ~/.globus/userkey.pem and ~/.globus/usercert.pem)
on alpha.physics.uoi.gr, use the command:

  • openssl pkcs12 -export -in ~/.globus/usercert.pem -inkey ~/.globus/userkey.pem -name "My New Certificate" -out ~/NewCertificate.p12
    • you will be asked for the PEM pass phrase used to encrypt the PEM key
    • you will be asked to provide an export password to be used later. Use a complex one!

-- IoannisPapadopoulos - 2016-03-24

Edit | Attach | Watch | Print version | History: r5 < r4 < r3 < r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r5 - 2016-03-24 - IoannisPapadopoulos
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2019 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback