...
After the successful application, the certificate has to be installed in your home directory following these instructions:
Export or 'backup' the certificate from the browser used for the application. The interface for this varies from browser to browser. The exported file will probably have the extension .p12 or .pfx. Guard this file carefully. Store it off your computer, or remove it once you are finished with this process.
Copy the file to your home directory.
Create a directory in your $HOME directory:
UI Text Box user$ mkdir $HOME/.globus
Extract the certificate creating a public and private key file replacing Yourcert.p12 with the filename chosen during step 1 and give the right permissions to the files:
UI Text Box user$ openssl pkcs12 -clcerts -nokeys -in cert.p12 -out $HOME/.globus/usercert.pem
Enter Import Password: <password used for backup of your .p12 certificate>
MAC verified OK
user$ openssl pkcs12 -nocerts -in cert.p12 -out $HOME/.globus/userkey.pem
Enter Import Password: <password used for backup of your .p12 certificate>
MAC verified OK
Enter PEM pass phrase: <password to encrypt your private key>
Verifying - Enter PEM pass phrase <password to encrypt your private key>
user$ chmod 644 $HOME/.globus/usercert.pem
user$ chmod 400 $HOME/.globus/userkey.pem
You will be asked to define a passphrase during this step. This passphrase has to be entered every time a proxy is created from the certificate. For security reasons, an empty passphrase is not adviseable.
To use your certificate on CINECA machines, extract your own user DN (Distinguished Name) from the certificate and add it to your userdb profile (https://userdb.hpc.cineca.it/) under the "personal data" section in the field X.509 certificate, following the specified syntax. You can extract your DN for example typing
UI Text Box user$ openssl x509 -in $HOME/.globus/usercert.pem -noout -subject | sed 's/subject= //'
The DN is written as a "Backslash Separated Values" string which states who you are, which are your organization and country, who gave you that certificate and so on. For example, a sample INFN certificate reports "/C=IT/O=INFN/OU=Personal Certificate/L=yourOrgani/CN=Your Name".
Proxy Generation
After the installation of the certificate in your $HOME directory, a preliminary step to the generation of a proxy are
Installation packages of the Globus Toolkit provided by the IGE project are available through YUM and APT repositories for several platforms at this URL
Installation of certificates in your $HOME directory, following the commands:
UI Text Box user$ mkdir $HOME/.globus/certificates && cd $HOME/.globus/certificates
user$ wget http://dist.eugridpma.info/distribution/igtf/current/accredited/igtf-preinstalled-bundle-classic.tar.gz && tar -zxvf igtf-preinstalled-bundle-classic.tar.gz
user$ wget http://dist.eugridpma.info/distribution/igtf/current/accredited/igtf-preinstalled-bundle-mics.tar.gz && tar -zxvf igtf-preinstalled-bundle-mics.tar.gz
user$ wget http://dist.eugridpma.info/distribution/igtf/current/accredited/igtf-preinstalled-bundle-slcs.tar.gz && tar -zxvf igtf-preinstalled-bundle-slcs.tar.gz
user$ wget httpshttp://winnetoudist.surfsara.nl/prace/certs/globuscertseugridpma.info/distribution/igtf/current/accredited/igtf-preinstalled-bundle-iota.tar.gz && tar -xzvf globuscertszxvf igtf-preinstalled-bundle-iota.tar.gz gz
Now, you can generate the X.509 proxy certificate, on the same machine where is installed your X.509 certificate
UI Text Box |
---|
user$ grid-proxy-init |
To check how long your proxy certificate is valid, use the following command:
UI Text Box |
---|
user$ grid-proxy-info |
To destroy your proxy certificate at the end of your activities, use the following command:
UI Text Box |
---|
user$ grid-proxy-destroy |
...