From T3_KR_KNU
How to request a DOEGrids Personal Certificate?
- How to request a DOEGrids Personal Certificate?
- Personal certificate request form
- Exporting your key pair for use by Globus grid-proxy-init
o Export or 'backup' your certificate. The interface for this varies from browser to browser. - Internet Explorer starts with "Tools -> Internet Options -> Content". - Netscape Communicator has a "Security" button on the top menu bar. - Mozilla starts with "Edit -> Preferences -> Privacy and Security -> Certificates". - The exported file will probably have the extension .p12 or .pfx. o Guard this file carefully. Store it off your computer, or remove it once you are finished with this process. o Copy the above PKCS#12 file to the computer where you will run grid-proxy-init. o Extract your certificate (which contains the public key) and the private key: o Certificate: openssl pkcs12 -in YourCert.p12 -clcerts -nokeys -out $HOME/.globus/usercert.pem o To get the encrypted private key : - openssl pkcs12 -in YourCert.p12 -nocerts -out $HOME/.globus/userkey.pem You must set the mode on your userkey.pem file to read/write only by the owner, otherwise grid-proxy-init will not use it(chmod go-rw $HOME/.globus/userkey.pem).