Difference between revisions of "Renew Grid Certificate"

A shortcut through the maze you enter when you want to renew your GRID certificate and/or if you need to re-sign the ATLAS VO 'I-promise-I-will-behave-on-the-Grid' statement:

Advice:

1) Try to avoid breaking your head trying to understand what all computer/grid terms mean that you encounter.

2) Use the same password everywhere. You need many.

Of course this is not the safest thing you can do and actually there are only 3 disctinct passwords. If you do this, please be sure to use an EXTREMELY difficult password

1) Renewing your Grid Certificate

  A) http://ca.dutchgrid.nl/info/rekey.html
     run script dca-rekey-pack.sh

  B) Upload file to Dutch CA to start request
     File:     $HOME/.globus/newrekeypack.txt
     Web-page: http://ra.dutchgrid.nl/ra/public/submit

  C) Save the certificate you get back by mail from the Dutch CA (~ 2 days) and follow instructions:
     - Save mail as .globus/usercert.pem
     - In .globus: mv newkey.pem userkey.pem

2) Resign the ATLAS things and Get Certificate in Browser (Mozilla)

  D) Get certificate as PKCS12 format (needed by browsers)
     http://lcg.web.cern.ch/LCG/users/registration/load-cert.html
     In .globus:
     openssl pkcs12 -export -inkey userkey.pem -in usercert.pem -out my_cert.p12 -name MyGridCertificate

  E) Re-sign VO membership thingies (Grid and VO AUP ?)
     https://lcg-voms.cern.ch:8443/vo/atlas/vomrs?path=/RootNode/MemberAction/ResignUsageRules&action=execute
     NB: if you have multiple certificates stored in your browser, use the certificate you created at D) to identify yourself 
         (otherwise you won't be able to re-sign the AUPs).