Certificate Management

Table of Contents

  1. 1. Check the certificate
  2. 2. Backup
  3. 3. Loading Certificate
  4. 4. PEM files conversion
  5. 5. Change Permissions
  6. 6. VOMS Registration

Follow these steps in order to have a your Grid certificate ready to use.

1.  Check the certificate

Check if your certificate is present in your browser. On Mozilla Firefox 

    Edit --> Preferences --> Advanced --> View Certificates --> Your Certificates

You should see a list of all your personal certificates.

2.  Backup

It creates a backup file of your certificate

  • Choose the certificate necessary for accessing the Grid infrastructure and click on the Backup... button.
  • You should see a window that asks you to insert the name for your certificate backup file and a location where to save it. When done click on the Save button.
  • You will be asked to choose a certificate backup password. Be sure that your password is secure enough and click on the OK button.

3.  Loading Certificate

It loads your certificate backup file in the right directory on the UI account.

  • Go in the directory where the certificate backup file is saved. You should see a file with a .p12 extension, for example name.p12, where name is the name that you choose before.
  • Copy the name.p12 file on your UI account (portal.grid.sissa.it) using: 
    scp name.p12 user@portal.grid.sissa.it:

    command
  • Login on the UI and check if the directory ~/.globus/ exists, if not please create it.
  • Move the file name.p12 in the ~/.globus/ directory.

4.  PEM files conversion

Convert name.p12 to pem files

  • Go in the ~/.globus dir, you should see: 
   
   user@portal:~/.globus$ ls -la

   drwxr-xr-x 2 user user 4096 2007-12-20 17:15 .

   drwxr-xr-x 56 user user 4096 2007-12-20 16:20 ..

   -rwx------ 1 user user 3824 2007-11-06 16:41 name.p12
  • Create your userkey.pem file: 
   user@portal:~/.globus$ openssl pkcs12 -nocerts -in name.p12 -out userkey.pem

   Enter Import Password: (insert your certificate password)

   MAC verified OK

   Enter PEM pass phrase: (insert your Enter PEM pass phrase)

   Verifying - Enter PEM pass phrase: (reinsert your Enter PEM pass phrase)
  • Create your usercert.pem file: 
   user@portal:~/.globus$ openssl pkcs12 -clcerts -nokeys -in name.p12 -out usercert.pem

   Enter Import Password: (insert your certificate password)

   MAC verified OK

Please pay attention!!!

Import Password is the password that you insert during the backup file creation.

PEM pass phrase is the password that you should insert on each proxy creation, be sure it's longer than 12 characters.

5.  Change Permissions

Changes userkey e usercert permissions. 

    user@portal:~/.globus$ chmod 400 userkey.pem
    user@portal:~/.globus$ chmod 644 usercert.pem

6.  VOMS Registration

Now, in order to be able to use the Grid infrastructure you should join the VO you are allowed to use. As Sissa/Democritos user you can join at this moment the following VOs: 

    gridats
    euindia
    compchem

You can therefore register your certificate into their voms servers here below: 

    for gridats :   https://voms01.grid.elettra.trieste.it:8443/voms/gridats/StartRegistration.do  
    for euindia :   https://voms2.cnaf.infn.it:8443/voms/euindia/StartRegistration.do 
    for compchem:   https://voms.cnaf.infn.it:8443/voms/compchem/StartRegistration.do.

and follow the instructions. Do this with the browser on which your certificate is imported. Please note that you can join all the VOs you want. It is left to the VOMS administrator to accept you as part of the VO.

Warning! On SISSA network the port 8443 may be closed, if so change your proxy configuration following the guide