From T3_KR_KNU
Line 3: | Line 3: | ||
* [https://pki1.doegrids.org/ca/ Personal certificate request form] | * [https://pki1.doegrids.org/ca/ Personal certificate request form] | ||
* Exporting your key pair for use by Globus grid-proxy-init | * Exporting your key pair for use by Globus grid-proxy-init | ||
− | o Export or 'backup' your certificate. The interface for this varies from browser to browser. Internet Explorer starts with "Tools -> Internet Options -> Content" | + | |
+ | <pre> | ||
+ | o Export or 'backup' your certificate. The interface for this varies from browser to browser. | ||
+ | |||
+ | - Internet Explorer starts with "Tools -> Internet Options -> Content". | ||
+ | - Netscape Communicator has a "Security" button on the top menu bar. | ||
+ | - Mozilla starts with "Edit -> Preferences -> Privacy and Security -> Certificates". | ||
+ | - The exported file will probably have the extension .p12 or .pfx. | ||
+ | |||
o Guard this file carefully. Store it off your computer, or remove it once you are finished with this process. | o Guard this file carefully. Store it off your computer, or remove it once you are finished with this process. | ||
o Copy the above PKCS#12 file to the computer where you will run grid-proxy-init. | o Copy the above PKCS#12 file to the computer where you will run grid-proxy-init. | ||
o Extract your certificate (which contains the public key) and the private key: | o Extract your certificate (which contains the public key) and the private key: | ||
o Certificate: openssl pkcs12 -in YourCert.p12 -clcerts -nokeys -out $HOME/.globus/usercert.pem | o Certificate: openssl pkcs12 -in YourCert.p12 -clcerts -nokeys -out $HOME/.globus/usercert.pem | ||
− | o To get the encrypted private key : openssl pkcs12 -in YourCert.p12 -nocerts -out $HOME/.globus/userkey.pem You must set the mode on your userkey.pem file to read/write only by the owner, otherwise grid-proxy-init will not use it(chmod go-rw $HOME/.globus/userkey.pem). | + | o To get the encrypted private key : |
+ | - openssl pkcs12 -in YourCert.p12 -nocerts -out $HOME/.globus/userkey.pem | ||
+ | You must set the mode on your userkey.pem file to read/write only by the owner, | ||
+ | otherwise grid-proxy-init will not use it(chmod go-rw $HOME/.globus/userkey.pem). | ||
+ | </pre> |
Latest revision as of 07:00, 14 May 2009
How to request a DOEGrids Personal Certificate?
- How to request a DOEGrids Personal Certificate?
- Personal certificate request form
- Exporting your key pair for use by Globus grid-proxy-init
o Export or 'backup' your certificate. The interface for this varies from browser to browser. - Internet Explorer starts with "Tools -> Internet Options -> Content". - Netscape Communicator has a "Security" button on the top menu bar. - Mozilla starts with "Edit -> Preferences -> Privacy and Security -> Certificates". - The exported file will probably have the extension .p12 or .pfx. o Guard this file carefully. Store it off your computer, or remove it once you are finished with this process. o Copy the above PKCS#12 file to the computer where you will run grid-proxy-init. o Extract your certificate (which contains the public key) and the private key: o Certificate: openssl pkcs12 -in YourCert.p12 -clcerts -nokeys -out $HOME/.globus/usercert.pem o To get the encrypted private key : - openssl pkcs12 -in YourCert.p12 -nocerts -out $HOME/.globus/userkey.pem You must set the mode on your userkey.pem file to read/write only by the owner, otherwise grid-proxy-init will not use it(chmod go-rw $HOME/.globus/userkey.pem).