Difference between revisions of "Using an Aladdin eToken with firefox"

From PDP/Grid Wiki
Jump to navigationJump to search
Line 48: Line 48:
  
 
[[Image:Cert firefox import cert.png|import certificate]]
 
[[Image:Cert firefox import cert.png|import certificate]]
 +
 +
* Select your eToken as the device on which to store the certificate:
 +
 +
[[Image:Cert firefox choose token.png|choose token]]
  
 
* Enter the password (User PIN) for your eToken:
 
* Enter the password (User PIN) for your eToken:
Line 56: Line 60:
  
 
[[Image:Cert firefox enter import password.png|import password]]
 
[[Image:Cert firefox enter import password.png|import password]]
 +
 +
If all went well, Firefox will report success:
 +
 +
[[Image:Cert firefox successful.png|successfull import]]
 +
  
 
after which your grid certificate should be stored on your eToken:
 
after which your grid certificate should be stored on your eToken:
  
 
[[Image:Cert firefox cert manager after.png|cert manager after]]
 
[[Image:Cert firefox cert manager after.png|cert manager after]]

Revision as of 12:34, 26 April 2007

A very easy method for importing (or removing) keys in your eToken is to add the eToken as a Security Device in Firefox. The procedure for Mozilla/Seamonkey is nearly identical. To add your eToken as a security device , follow these steps

  • Start Firefox
  • (Linux) Go to Edit->Preferences->Advanced->Tab "Encryption"
  • (Windows) Go to Tools->Options->Advanced->Tab "Encryption"
  • Click on 'Security Devices'

You should see a screen similar to

this.

  • Click on 'Load'
  • In the next screen, enter a (possibly useful) name for this module and Click on 'Browse' to select the appropriate PKCS11 module

Cert firefox load pkcs11.png

  • (Linux) choose /usr/local/lib/libetpkcs11.so
  • (Windows) choose $WINDIR\system32\etpkcs11.dll where $WINDIR is the location where Windows is installed. For most Windows XP systems, this will be c:\windows, for Windows 2000 this usually is c:\winnt.
  • Click 'OK'
  • The eToken PKCS11 module is now ready for use. If your eToken is inserted in the computer then it will appear in the list of

security devices

Note that the name of your eToken is the name that you gave it when your eToken was initialized.

  • Note that you are not logged into your eToken at this time. You can do so by clicking on the 'Login' button, after which you'll be prompted for your eToken password:

token master password

  • The next step is to store your existing grid certificate on your eToken. First, convert your grid certificate to PKCS12 format:
 # openssl pkcs12 -export -in ~/.globus/usercert.pem -inkey ~/.globus/userkey.pem -out globus.p12
 Enter pass phrase for userkey.pem:
 Enter Export Password:
 Verifying - Enter Export Password:

You will be asked for your grid certificate passphrase first and then for the (new) Export Password and then once more to verify your newly chosen export password.

NOTE This Export Password is as important as your grid certificate passphrase, as both can be used to decrypt your private key. Guard them both safely!

  • Go back to the "Encryption" preferences screen
    • (Linux) Go to Edit->Preferences->Advanced->Tab "Encryption"
    • (Windows) Go to Tools->Options->Advanced->Tab "Encryption"

preferences

and click on 'View Certificates'. You will see a screen similar to

cert manager before

  • Click on 'Import' and browse to the location of your globus.p12 file:

(Linux users: remember to select the 'Show hidden files and directories' checkbox)

import certificate

  • Select your eToken as the device on which to store the certificate:

choose token

  • Enter the password (User PIN) for your eToken:

master password

  • Enter the 'Export password' that you choose to export the PKCS12 file with:

import password

If all went well, Firefox will report success:

successfull import


after which your grid certificate should be stored on your eToken:

cert manager after