-- TWikiAdminUser - 2014-07-27

Installation of the certificate

After the successful application, the certificate has to be installed in the user's home directory following these instructions:

  1. Export or 'backup' the certificate from the browser used for the application. The interface for this varies from browser to browser. The exported file will probably have the extension .p12 or .pfx. Guard this file carefully. Store it off your computer, or remove it once you are finished with this process.
  2. Copy the file to the user's home directory.
  3. Create a directory in the user's home directory:
    mkdir $HOME/.globus 
  4. Extract the certificate creating a public and a private key file replacing YourCert.p12 with the filename chosen during step 1:
    openssl pkcs12 -in YourCert.p12 -clcerts -nokeys -out $HOME/.globus/usercert.pem openssl pkcs12 -in YourCert.p12 -nocerts -out $HOME/.globus/userkey.pem 
    The user will be asked to define a passphrase during this step. This passphrase has to be entered every time a proxy is created from the certificate. For security reasons, an empty passphrase is not adviseable.
  5. Set the access mode on your userkey.pem and usercert.pem files:
    chmod 400 $HOME/.globus/userkey.pem chmod 600 $HOME/.globus/usercert.pem 
  6. Further protection of the $HOME/.globus directory is necessary to prevent everyone except the user to enter this directory:
    chmod go-rx $HOME/.globus 

The user's GRID certificate (usercert.pem and userkey.pem) can be copied to every other machine to access the GRID by transporting the $HOME/.globus directory. The security measures described above have to be repeated.

Proxy generation

Note: the execution of commands indicates below requires a installed and setup GRID user interface (UI) on the user's machine. The installation and setup of an UI is described in the following section: User interface.

After installation of the certificate in the user's home directory, the following command creates a user proxy:

voms-proxy-init -voms cms 

using the passphrase defined during installation.

To check how long the user's proxy is valid, use the following command:

voms-proxy-info -all 

A valid proxy should produce a similar output like:

voms-proxy-info -all
subject   : /C=TW/O=AP/OU=GRID/CN=BRIJ KISHOR JASHAL 122117/CN=proxy
type      : proxy
strength  : 1024 bits
path      : /tmp/x509up_u51562
timeleft  : 11:59:49
key usage : Digital Signature, Key Encipherment, Data Encipherment, Key Agreement
=== VO cms extension information ===
VO        : cms
issuer    : /DC=ch/DC=cern/OU=computers/CN=voms.cern.ch
attribute : /cms/Role=NULL/Capability=NULL
timeleft  : 11:59:49
uri       : voms.cern.ch:15002

Topic revision: r1 - 2014-07-27 - 18:18:25 - TWikiAdminUser
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback