<!-- keep this as a security measure:
   * Set ALLOWTOPICCHANGE = Main.TWikiAdminGroup,Main.LCGAdminGroup
   * Set ALLOWTOPICRENAME = Main.TWikiAdminGroup,Main.LCGAdminGroup
#uncomment this if you want the page only be viewable by the internal people
   * #Set ALLOWTOPICVIEW = Main.TWikiAdminGroup,Main.LCGAdminGroup
-->

---+ Converting a PKCS#12 certificate (from your browser) to PEM format:

   * Save the key/certificate from your browser into a file (I'll use the name =mycert.p12= here). You will be asked for a passphrase when the new file is created, since the private key part should always be secured via encryption. Browsers usually save this file in the PKCS#12 format, and the file contains both the certificate and the matching private key. For the following steps you need to have the *openssl* utility available. It is standard on all current Linux installations.
   * Extract the user certificate from the PKCS#12 file into the file =usercert.pem= (you will need to enter your passphrase):
<verbatim>
$> openssl pkcs12 -clcerts -nokeys -out usercert.pem -in mycert.p12
</verbatim>
   * Extract the user private key from the key/cert file into =userkey.pem=. You will need to enter your passphrase again. Since the key is now stored in a new format but should still remain protected, you are asked for yet another passphrase for that file. I always use the same passphrase for all these steps:
<verbatim>
$> openssl pkcs12 -nocerts -out userkey.pem -in mycert.p12
</verbatim>
   * Make sure that the key file can only be read by you! The certificate file must be readable by all, but writable only by you:
<verbatim>
$> chmod og-rw userkey.pem
$> chmod og-w usercert.pem
</verbatim>
   * Copy both files into the =~/.globus/= directory on your user interface machine (e.g. onto lxplus or our UI at CSCS, if you have access to it). Make sure that both files have the correct permissions!
<verbatim>
$> ls -l ~/.globus/usercert.pem ~/.globus/userkey.pem
-rw-r--r-- 1 myuser grp 1700 Jul 31 2006 /home/myuser/.globus/usercert.pem
-rw------- 1 myuser grp 1750 Jul 31 2006 /home/myuser/.globus/userkey.pem
</verbatim>

---++ Test the certificate:

Once the files are in the correct location with the appropriate permissions, you should be able to create a grid proxy from them by typing:
<verbatim>
$> voms-proxy-init
</verbatim>
If it fails, use the debug flag of this command to obtain more information:
<verbatim>
$> voms-proxy-init -debug
</verbatim>

-- Main.DerekFeichtinger - 03 May 2007
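The following is an added example, not part of the original page: a pre-flight check to run before =voms-proxy-init= that verifies the permissions shown above and that =userkey.pem= is still passphrase-protected. All function names are hypothetical; =cert_matches_key= assumes an OpenSSL that provides the =pkey= subcommand and is kept separate because it prompts for the key passphrase.

```shell
#!/bin/sh
# Added example (not from the original page): checks for ~/.globus credentials.
# All function names below are hypothetical helpers.

# Print the 10-character mode string of a file, e.g. "-rw-------".
mode_of() { ls -ld "$1" | cut -c1-10; }

# Key: no permission bits at all for group or others.
key_perms_ok() {
    case "$(mode_of "$1")" in
        -???------) return 0 ;;
        *) return 1 ;;
    esac
}

# Certificate: readable by group and others, writable by the owner only.
cert_perms_ok() {
    case "$(mode_of "$1")" in
        -r??r-?r-?) return 0 ;;
        *) return 1 ;;
    esac
}

# Key must still be encrypted (PKCS#8 header or traditional PEM encryption).
key_is_encrypted() {
    grep -q -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' \
            -e '^Proc-Type: 4,ENCRYPTED' "$1"
}

# Certificate and key must carry the same public key.
# Prompts for the key passphrase, so it is not part of check_globus_dir.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Run the non-interactive checks; returns non-zero if any of them fails.
check_globus_dir() {
    dir=${1:-$HOME/.globus}; rc=0
    key_perms_ok "$dir/userkey.pem" ||
        { echo "userkey.pem: accessible by group or others" >&2; rc=1; }
    cert_perms_ok "$dir/usercert.pem" ||
        { echo "usercert.pem: must be world-readable, owner-writable only" >&2; rc=1; }
    key_is_encrypted "$dir/userkey.pem" ||
        { echo "userkey.pem: not passphrase-protected" >&2; rc=1; }
    return $rc
}
```

After sourcing the file, run =check_globus_dir= (it defaults to =~/.globus=), then =cert_matches_key ~/.globus/usercert.pem ~/.globus/userkey.pem= to confirm the two files belong together.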
Topic revision: r2 - 2008-07-17 - DerekFeichtinger
Copyright © 2008-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.