To create your proxy credential for using GlobusOnline please follow the steps in CASE 1 or CASE 2:
CASE 1) if you have requested a certificate to your certification authority
Convert your certificate in a pem certificate. If it is a .p12 or a .pfx, convert it typing:
bash$ openssl pkcs12 -clcerts -nokeys -in <name_certificate.{p12|pfx}> -out usercert.pem
Enter Import Password: <password used for backup of your .p12 certificate>
MAC verified OKbash$ openssl pkcs12 -nocerts -in <name_certificate.{p12|pfx}> -out userkey.pem
Enter Import Password: <password used for backup of your .p12 certificate>
MAC verified OK
Enter PEM pass phrase: <password to encrypt your private key>
Verifying - Enter PEM pass phrase <password to encrypt your private key>
Set the right permission to the file just created:
bash$ chmod 644 usercert.pem
bash$ chmod 400 userkey.pem
Extract your own user DN (Distinguished Name) from the certificate, for example typing
bash$ openssl x509 -in usercert.pem -noout -subject | sed 's/subject= //'
- To use GridFTP on CINECA clusters, the DN has to be added to our userdb profile (https://userdb.hpc.cineca.it) under the "personal data" section in the field X.509 certificate and following the specified syntax. To use globus-url-copy with the iRODS repository, you have been add as PI or collaborator to a DRES of type REPO.
- Create the directory ~/.globus and copy here the usercert.pem ed userkey.pem.
- Install the package myproxy, if the login machine isn't a CINECA cluster. The installation packages of the Grid Community Toolkit (GTC) are available through debian repository and epel repositories (for Red Hat Enterprise Linux, CentOS and Scientific Linux 6 and 7).
After the installation of myproxy package, type:
bash$ mkdir ~/.globus/certificates && cd ~/.globus/certificates
bash$ wget http://dist.eugridpma.info/distribution/igtf/current/accredited/igtf-preinstalled-bundle-classic.tar.gz && tar -zxvf igtf-preinstalled-bundle-classic.tar.gz
bash$ wget http://dist.eugridpma.info/distribution/igtf/current/accredited/igtf-preinstalled-bundle-mics.tar.gz && tar -zxvf igtf-preinstalled-bundle-mics.tar.gz
bash$ wget http://dist.eugridpma.info/distribution/igtf/current/accredited/igtf-preinstalled-bundle-slcs.tar.gz && tar -zxvf igtf-preinstalled-bundle-slcs.tar.gz
bash$ wget http://dist.eugridpma.info/distribution/igtf/current/accredited/igtf-preinstalled-bundle-iota.tar.gz && tar -zxvf igtf-preinstalled-bundle-iota.tar.gz
Create your proxy certificate (starting from your x509 certificate) by using the command:
grid-proxy-init
Then store it in the proxy server by the command:
myproxy-init -s grid.hpc.cineca.it -l <username>
By default, the proxy lifetime credential is 12 hours. Use the option "-c 0 -t <hours>" to modify such default.
When you finish to use your proxy credential, destroy it by typing:
myproxy-destroy -s grid.hpc.cineca.it -l <username>
grid-proxy-destroy
NB The proxy will destroy oneself 12 hours running from its "init". So after this time you have to create again the proxy for a new transfer.
CASE 2) if you have requested a certificate to CA-CINECA
The proxy credential are already created and stored on the CINECA myproxy-server.