How to obtain a new GRID certificate
Follow the procedure described in
https://access.hellasgrid.gr/register/registration_form
How to renew your GRID certificate or manage your account
Use the menus at
https://access.hellasgrid.gr/account
Extracting usercert.pem and userkey.pem from a PKCS12 bundle file
- Save your latest valid GRID certificate from your web browser were it was installed to a PKCS12 file, e.g. to MyCertificate.p12
The procedure to export the certificate varies from browser to browser.
For Firefox, the steps to follow are:
- Edit → Preferences → Advanced → select Certificates tab → View Certificates → Your Certificates
- Select the latest valid certificate to be saved and click the "Backup..." button
- Save the file, e.g. as MyCertificate.p12 (You will be asked to provide a password, to be used later. Use a complex one!)
- Transfer the file MyCertificate.p12 to your home directory at alpha.physics.uoi.gr
- Login to alpha.physics.uoi.gr and use the following commands (use cut&paste)
-
openssl pkcs12 -nocerts -in ~/MyCertificate.p12 -out ~/userkey.pem
- you will be asked for the password used to create the PKCS12 file
- you will then be asked to provide a PEM pass phrase for the key encryption. Use a complex one!
-
openssl pkcs12 -clcerts -nokeys -in ~/MyCertificate.p12 -out ~/usercert.pem
- you will be asked for the password used to create the PKCS12 file
-
chmod 0400 ~/userkey.pem
-
chmod 0644 ~/usercert.pem
-
mkdir -p ~/.globus
-
mv -f ~/MyCertificate.p12 ~/userkey.pem ~/usercert.pem ~/.globus
- You may now copy the directory ~/.globus from alpha.physics.uoi.gr to any UNIX machine from where you need to access the GRID, e.g.
scp -rp ~/.globus username@lxplus.cern.ch:
Generate a PKCS12 bundle file from existing PEM files
To generate a PKCS12 bundle file from existing PEM files (e.g. ~/NewCertificate.p12 from ~/.globus/userkey.pem and ~/.globus/usercert.pem)
on alpha.physics.uoi.gr, use the command:
--
IoannisPapadopoulos - 2009-10-27