Prepare For Grid Usage¶
1. First you need to create a Personal Certificate according to this help: Obtain_the_Personal_Certificate
2. Then you need to Join to the fgi.csc.fi Virtual Organization.
You should use the same machine and same Browser for obtaining both the Certificate and for joining the VO:
Go to page https://voms.fgi.csc.fi:8443/voms/fgi.csc.fi, fill the form and submit it.
Once you have sent your application you need to wait until it has been processed after which you'll get an email how to proceed.
3. Extract the Personal Certificate from Browser.
NOTE: The Personal Certificate is bundle of User Certificate and an associated private key.
Your Personal Certificate is stored into the Web Browser where you created it. To extract it for the Grid usage proceed as follows:
Locate the certificate in your Browser. It's placed under something like "Preferences" => "Advanced" => "Certificates" => "View Certificates" => "Your Certificates".
For example the Certificate in Firefox for Linux looks the following:
https://p55cc-redmine.utu.fi/attachments/download/7/cert.png
It's hard to tell where it is stored as there are too many different Browsers and versions, but the name of the Certificate should be TERENA and your name and email must be part of the Certificate.
Now "Backup" or "Export" the Certificate, or whatever options you have to Extract the Certificate into a file.
You will be asked filename into which the Personal Certificate shall be stored. Give some name, for example user.p12
Select “File type” as PKCS12 for the Certificate file.
Then you will be asked to create a password. Invent a reasonable password and remember it (you will need it later).
Once you have entered the password the Personal Certificate will be stored into the given file. The file consist of the User Certificate and an associated private key.
These two items will be separated into two files next.
5. Extract the Certificate private key from Personal Certificate
Enter command as follows:
openssl pkcs12 -nocerts -in user.p12 -out userkey.pem
When executed, this command will ask for the old and the new key passwords (they can be the same). So you better use the same password.
6. Extract the User Certificate from Personal Certificate
Enter the command:
openssl pkcs12 -clcerts -nokeys -in user.p12 -out usercert.pem
The two commands above should have created two files, usercert.pem and userkey.pem. These two files should be moved into a .globus sub-directory under the user's home directory (note the dot as the first character of the directory name). If the .globus directory does not exist, it can be created with the command:
mkdir ~/.globus/
After this, the two Certificate files can be moved to the .globus directory with the commands:
mv usercert.pem ~/.globus/ mv userkey.pem ~/.globus/
At this point you can (should) remove the original Personal Certificate file:
rm user.p12
Finally, make sure that the access permissions of the userkey.pem file are set up correctly. The command to ensure this is:
chmod 400 ~/.globus/userkey.pem
At this point the setup is done and you can verify all is done and you are ready to use Grid. To check enter the command:
arcproxy -S fgi.csc.fi
If successful the output is something like this:
Your identity: /DC=org/DC=terena/DC=tcs/C=FI/O=Turun yliopisto/CN=Timo Eronen tke@utu.fi Contacting VOMS server (named fgi.csc.fi): voms.fgi.csc.fi on port: 15003 Proxy generation succeeded Your proxy is valid until: 2016-10-12 23:16:10
