Skip to topic | Skip to bottom
Home
Computing
Computing Web
Web Home | Search Changes | Notifications Index | Topics

Computing.CertificatesManagementr1.15 - 29 Apr 2010 - 16:13 - DanProtopopescutopic end
Start of topic | Skip to actions

Certificates

Authentication to alien is done via certificates. To obtain a certificate, PANDA callaborators should contact their local Certification Authority (CA).

Procedure:

  1. Read attentively all explanations on this wiki
  2. Install alien on your computer
  3. Navigate to your local CA's site (see list below) and follow the instructions

Certificate subject

To authenticate, your certificate subject has to match the one allocated in LDAP to your alien user or host. After obtaining a new certificate, you have to communicate the certificate subject to the Grid Admin. The subject looks something like this: 

/C=ch/O=AliEn/OU=PANDA/CN=John Smith
To double-check, see what is printed on the screen after you type alien proxy-init once you installed you new certificates.

Types

There are two types of certificates that we use with PANDA Grid:

Site (machine) certificates

Site certificates are machine certificates with subject like .../CN=gridpc1.gsi.de, and empty passphrase, used to identify a site headnode. These are applied for and used by site admins only.
ALERT! If you are only installing an alien client, you don't need a site certificate but a user certificate.

User certificates

User certificates identify an individual user to the Grid. They would have subject lines like .../CN=John Smith and be protected by a passphrase. If you have exported your certificate from the browser, in p12 format, use these command to convert it: 

openssl pkcs12 -in export.p12 -clcerts -nokeys -out $HOME/.globus/usercert.pem
openssl pkcs12 -in export.p12 -nocerts -out $HOME/.globus/userkey.pem
The user certificate can safely be world readable, but userkey.pem must be readable by you only ! 
chmod 0400 $HOME/.globus/userkey.pem

Other

Certificates from other Certification Authorities than the ones listed below can in principle be used. Please contact the Grid Admin for this.

Certification Authorities

Here is a list of CAs:

Please navigate to your local CA's site and follow the instructions therein. If your country's CA is not in here, please notify us to add it.
to top

End of topic
Skip to action links | Back to top

Edit | Attach image or document | Printable version [PDF] | Raw text | More topic actions
Revisions: | r1.15 | > | r1.14 | > | r1.13 | Total page history | Backlinks | Graph
Computing.CertificatesManagement moved from Computing.CertificatesManager on 16 Apr 2009 - 10:34 by DanProtopopescu - put it back
You are here: Computing > PandaGrid > CertificatesManagement

to top

Copyright © 1999-2010 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Impressum, Urheberrecht und Haftungsausschluss
Ideas, requests, problems regarding Panda Wiki? Send feedback