Renew Grid Certificate

From Atlas Wiki
Revision as of 07:48, 10 October 2007 by Ivov@nikhef.nl (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

A shortcut through the maze you enter when you want to renew your GRID certificate and/or if you need to re-sign the ATLAS VO 'I-promise-I-will-behave-on-the-Grid' statement:

Advice: 1) Try to avoid breaking your head trying to understand what all computer/grid terms mean that you encounter. 2) Use the same password everywhere. You need many.

1) Renewing your Grid Certificate

  A) http://ca.dutchgrid.nl/info/rekey.html
     run script dca-rekey-pack.sh
  B) Upload file to Dutch CA to start request
     File:     $HOME/.globus/newrekeypack.txt
     Web-page: http://ra.dutchgrid.nl/ra/public/submit
  C) Save the certificate you get back by mail from the Dutch CA (~ 2 days) and follow instructions:
     - Save mail as .globus/usercert.pem
     - In .globus: mv newkey.pem userkey.pem

2) Resign the ATLAS things and Get Certificate in Browser (Mozilla)

  D) Get certificate as PKCS12 format (needed by browsers)
     http://lcg.web.cern.ch/LCG/users/registration/load-cert.html
     In .globus:
     openssl pkcs12 -export -inkey userkey.pem -in usercert.pem -out my_cert.p12 -name MyGridCertificate
  E) Re-sign VO membership thingies (Grid and VO AUP ?)
     https://lcg-voms.cern.ch:8443/vo/atlas/vomrs?path=/RootNode/MemberAction/ResignUsageRules&action=execute