After the successful application, the certificate has to be installed in your home directory following these instructions: 

  1. Export or 'backup' the certificate from the browser used for the application. The interface for this varies from browser to browser. The exported file will probably have the extension .p12 or .pfx. Guard this file carefully. Store it off your computer, or remove it once you are finished with this process.

  2. Copy the file to your home directory.

  3. Create a directory in your $HOME directory:

    user$ mkdir $HOME/.globus

  4. Extract the certificate, creating a public and a private key file, and give the files the right permissions. Replace cert.p12 with the filename chosen during step 1:

    user$ openssl pkcs12 -clcerts -nokeys -in cert.p12 -out $HOME/.globus/usercert.pem 
    Enter Import Password: <password used for backup of your .p12 certificate> 
    MAC verified OK
     

    user$ openssl pkcs12 -nocerts -in cert.p12 -out $HOME/.globus/userkey.pem 
    Enter Import Password: <password used for backup of your .p12 certificate> 
    MAC verified OK 
    Enter PEM pass phrase: <password to encrypt your private key> 
    Verifying - Enter PEM pass phrase: <password to encrypt your private key>

    user$ chmod 644 $HOME/.globus/usercert.pem 
    user$ chmod 400 $HOME/.globus/userkey.pem

    You will be asked to define a passphrase during this step. This passphrase has to be entered every time a proxy is created from the certificate. For security reasons, an empty passphrase is not advisable.



  5. To use your certificate on CINECA machines, extract your own user DN (Distinguished Name) from the certificate and add it to your userdb profile (https://userdb.hpc.cineca.it/) under the "personal data" section in the field X.509 certificate, following the specified syntax. You can extract your DN, for example, by typing the command below; -nameopt compat keeps the slash-separated form on newer OpenSSL releases, which otherwise print the subject comma-separated:

    user$ openssl x509 -in $HOME/.globus/usercert.pem -noout -subject -nameopt compat | sed 's/^subject= *//'

The DN is written as a slash-separated string of attributes which states who you are, what your organization and country are, who gave you the certificate, and so on. For example, a sample INFN certificate reports "/C=IT/O=INFN/OU=Personal Certificate/L=yourOrgani/CN=Your Name".
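
The permissions and passphrase advice from step 4 can be verified with a short shell function. This is an added example, not part of the original instructions; the function names check_globus_dir and file_mode are illustrative assumptions.

```shell
# Added example (not from the original page): audit the files created in step 4.
# check_globus_dir and file_mode are illustrative names.
# Usage: check_globus_dir            (checks $HOME/.globus)
#        check_globus_dir /some/dir  (checks another directory)

# Print the octal permission bits of a file (GNU stat, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 if the credential files match the installation steps, 1 otherwise.
check_globus_dir() {
    dir=${1:-$HOME/.globus}
    cert=$dir/usercert.pem
    key=$dir/userkey.pem
    rc=0

    for f in "$cert" "$key"; do
        [ -f "$f" ] || { echo "MISSING $f"; rc=1; }
    done
    [ "$rc" -eq 0 ] || return 1

    # Private key: readable (or writable) by the owner only, e.g. 400.
    case $(file_mode "$key") in
        [46]00) ;;
        *) echo "PERMS   $key must not be accessible to group or others (use 400)"; rc=1 ;;
    esac

    # Certificate: public, but nobody except the owner may modify it, e.g. 644.
    case $(file_mode "$cert") in
        [46][04][04]) ;;
        *) echo "PERMS   $cert should be 644"; rc=1 ;;
    esac

    # An encrypted PEM key is either PKCS#8 ("BEGIN ENCRYPTED PRIVATE KEY")
    # or traditional format with a "Proc-Type: 4,ENCRYPTED" header.
    if ! grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|^Proc-Type: 4,ENCRYPTED' "$key"; then
        echo "NOPASS  $key is not protected by a passphrase"; rc=1
    fi

    # usercert.pem must hold a certificate and no private key material.
    grep -q 'BEGIN CERTIFICATE' "$cert" || { echo "FORMAT  $cert has no certificate"; rc=1; }
    if grep -q 'PRIVATE KEY' "$cert"; then
        echo "LEAK    $cert contains a private key"; rc=1
    fi
    return "$rc"
}
```

The LEAK check catches the case where -nokeys was omitted in step 4, which would leave the private key inside the world-readable usercert.pem.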

Proxy Generation 

After the installation of the certificate in your $HOME directory, two preliminary steps are required before generating a proxy:

  1. Install the Globus Toolkit. Installation packages provided by the IGE project are available through YUM and APT repositories for several platforms at this URL

  2. Install the IGTF CA certificates in your $HOME directory with the following commands:

    user$ mkdir $HOME/.globus/certificates && cd $HOME/.globus/certificates
    user$ wget http://dist.eugridpma.info/distribution/igtf/current/accredited/igtf-preinstalled-bundle-classic.tar.gz && tar -zxvf igtf-preinstalled-bundle-classic.tar.gz
    user$ wget http://dist.eugridpma.info/distribution/igtf/current/accredited/igtf-preinstalled-bundle-mics.tar.gz && tar -zxvf igtf-preinstalled-bundle-mics.tar.gz
    user$ wget http://dist.eugridpma.info/distribution/igtf/current/accredited/igtf-preinstalled-bundle-slcs.tar.gz && tar -zxvf igtf-preinstalled-bundle-slcs.tar.gz
    user$ wget http://dist.eugridpma.info/distribution/igtf/current/accredited/igtf-preinstalled-bundle-iota.tar.gz && tar -zxvf igtf-preinstalled-bundle-iota.tar.gz

Now you can generate the X.509 proxy certificate on the same machine where your X.509 certificate is installed:

user$ grid-proxy-init


To check how long your proxy certificate is valid, use the following command: 

user$ grid-proxy-info


To destroy your proxy certificate at the end of your activities, use the following command: 

user$ grid-proxy-destroy

