Preparing a client certificate

From SNIC Documentation

Jump to: navigation, search

< Getting started with SweGrid

< Swestore

Most of the standalone third party tools installed on SNIC resources and your own machine will not be able to use a .p12 certificate bundle (or .pfx if you exported from IE), as that format is intended primarily for secure transport and backup of certificates and their private keys.

Instead of a single .p12 file, they expect a pair of files in .pem format, one containing the certificate and the other containing the private key that matches the certificate.

Uploading and conversion of the .p12 for your target machine

As the authentication methods for clusters differ, this section will defer to documentations for your particular site when it comes to transferring files to and from the cluster storage.

The goal is to end up with a .globus directory in your home directory, containing two files named usercert.pem and userkey.pem.

The instructions below assume that your exported certificate file is named export.p12 directly in your home directory. If it's a .pfx or with a different name, change export.p12 in the instructions to your actual filename or rename your file to export.p12.

 mv ~/.globus ~/.globus-old
 mkdir ~/.globus
 chmod 0700 ~/.globus
 openssl pkcs12 -nocerts -in ~/export.p12 -out ~/.globus/userkey.pem
 Enter Import Password: *******
 MAC verified OK
 Enter PEM pass phrase: *******
 Verifying - Enter PEM pass phrase: *******
 openssl pkcs12 -clcerts -nokeys -in ~/export.p12 -out ~/.globus/usercert.pem
 Enter Import Password: *******
 MAC verified OK
 chmod 0400 ~/.globus/userkey.pem
Personal tools
For Staff