Fun with grid certs

Here are some useful openssl commands if you regularly need to renew or process certificates from DOEGrids (Department of Energy) to authenticate on national compute grids such as the Open Science Grid.

Taking your Globus keypair and importing it into your browser.

Your Globus cert is in .pem format. To import it into a browser like Firefox (so that you can renew your cert over the web, for instance), you will need to convert it to a .p12 file. To do this, run the following in your .globus directory:

openssl pkcs12 -export -inkey userkey.pem -in usercert.pem -out my-cert.p12

Then import my-cert.p12 as a user cert into Firefox.

Exporting your key pair from your browser for use by Globus grid-proxy-init.

  • Export or 'backup' your certificate. The interface for this varies from browser to browser; in Firefox it is "Tools -> Options -> Advanced -> View Certificates". The exported file will probably have the extension .p12 or .pfx.
  • Guard this file carefully. Store it off your computer, or remove it once you are finished with this process.
  • Copy the above PKCS#12 file to your ~/.globus directory.
  • Extract your certificate (which contains the public key) and the private key:
    • Certificate:
      openssl pkcs12 -in YourCert.p12 -clcerts -nokeys -out $HOME/.globus/usercert.pem
    • To get the encrypted private key:
      openssl pkcs12 -in YourCert.p12 -nocerts -out $HOME/.globus/userkey.pem

      You must set the mode on your userkey.pem file to read/write by the owner only, otherwise grid-proxy-init will not use it (chmod go-rw $HOME/.globus/userkey.pem).
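After the extraction steps above, it is worth checking the result before running grid-proxy-init. The script below is an added example, not part of the original post or of the Globus tools: the function names and the 14-day expiry threshold are assumptions, and it uses only standard openssl subcommands to confirm the key permissions, the remaining certificate lifetime, and that usercert.pem and userkey.pem belong together.

```shell
#!/bin/sh
# Added example: post-extraction checks for a ~/.globus directory.
# Function names and the 14-day threshold are assumptions, not Globus tooling.

# True if group and other have neither read nor write on the key (chmod go-rw).
key_mode_ok() {
    mode=$(ls -lL "$1" | cut -c5-10)   # group and other permission bits
    case "$mode" in
        --?--?) return 0 ;;
        *)      return 1 ;;
    esac
}

# True if the certificate is still valid $2 days from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# True if the certificate's public key equals the private key's public half.
# $3 is an optional openssl pass phrase source (pass:..., file:..., env:...);
# without it openssl prompts for the pass phrase of the encrypted key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout ${3:+-passin "$3"}) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Run all checks on a directory holding usercert.pem and userkey.pem.
check_globus_creds() {
    dir=$1 passin=${2:-} rc=0
    key_mode_ok "$dir/userkey.pem" ||
        { echo "userkey.pem is readable or writable by group/other" >&2; rc=1; }
    cert_valid_for "$dir/usercert.pem" 14 ||
        { echo "usercert.pem expires within 14 days" >&2; rc=1; }
    cert_matches_key "$dir/usercert.pem" "$dir/userkey.pem" "$passin" ||
        { echo "usercert.pem and userkey.pem do not match" >&2; rc=1; }
    return $rc
}

# Usage: sh check-globus.sh "$HOME/.globus"
if [ "$#" -ge 1 ]; then
    check_globus_creds "$@"
fi
```
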