By requesting a certificate, you indicate that you accept the Certificate Policy and Certification Practice Statement (CP-CPS) and that you agree to the Subscriber Obligations specified in that document.
If you are ready to request your certificate, follow the step-by-step instructions below:
Step 1. On-line Request for Certificate.
Click here to open the on-line CSR web page. Submit the request from the computer on which you want to store the public/private key pair. The key pair is generated and stored in the browser. You must use the same machine and the same user name to download the certificate once it is signed by the PK-Grid-CA.
Step 2. Download and Import Certificate.
Once your certificate is signed, you will receive a digitally signed email containing the URL from where you can download your certificate.
Step 3. Using Certificate
- Download the certificate from the web URL received in the email from PK-Grid-CA
- The certificate you are going to download is in .pem format; you have to change it to .crt format and install it.
Step 4. Export Certificate
- Open the browser and go to Tools -> Internet Options
- Click Content -> Certificates
- Select the installed certificate that you want to export and click the Export button
- Choose "Yes, export the private key" and click Next
- Choose "Personal Information Exchange-PKCS #12 (.PFX)" and click Next
- Enter a strong password and click Next. Remember this password; you will need it when you import your certificate
- Enter the File Name and click Next
Step 5. Grid Usage
User Certificate
- Make a hidden directory named .globus in your home directory
$ mkdir .globus
- After exporting your certificate into a PFX (PKCS-12) file from the browser, split it into its public part (the certificate) and the private key. Name the public part usercert.pem and the private key userkey.pem
$ openssl pkcs12 -nocerts -in your_cert.pfx -out userkey.pem
$ openssl pkcs12 -nokeys -in your_cert.pfx -out usercert.pem
- Move usercert.pem and userkey.pem to the .globus directory
$ mv userkey.pem .globus
$ mv usercert.pem .globus
- Change usercert.pem permissions to 440 and userkey.pem permissions to 400
$ cd .globus
$ chmod 440 usercert.pem
$ chmod 400 userkey.pem
Host Certificate
- After exporting the host certificate into a PFX (PKCS-12) file from the browser, split it into its public part (the certificate) and the private key. Name the public part hostcert.pem and the private key hostkey.pem. The private key needs to be decrypted as well, which the -nodes option in the first command does.
$ openssl pkcs12 -nocerts -nodes -in host_cert.pfx -out hostkey.pem
$ openssl pkcs12 -nokeys -in host_cert.pfx -out hostcert.pem
- Move hostcert.pem and hostkey.pem to the /etc/grid-security directory
$ mv hostkey.pem /etc/grid-security
$ mv hostcert.pem /etc/grid-security
- Change hostcert.pem permissions to 440 and hostkey.pem permissions to 400
$ cd /etc/grid-security
$ chmod 440 hostcert.pem
$ chmod 400 hostkey.pem
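A check to run after the host certificate steps above, added here as an example and not part of the PK-Grid-CA instructions: it confirms that hostkey.pem is decrypted, has mode 400, and belongs to hostcert.pem. The function name check_host_pair is hypothetical; the file names and the 400 mode are the ones given on this page.

```sh
#!/bin/sh
# Added example (not PK-Grid-CA code). check_host_pair is a hypothetical name.
# Succeeds only if the key is unencrypted, has mode 400, and matches the cert.
check_host_pair() {
    cert=$1
    key=$2

    # A key exported without -nodes keeps a passphrase, so an unattended
    # service could not load it.
    if grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$key"; then
        echo "FAIL: $key is still passphrase-protected" >&2
        return 1
    fi

    # The page requires mode 400 on hostkey.pem (GNU stat, then BSD stat).
    mode=$(stat -c '%a' "$key" 2>/dev/null || stat -f '%Lp' "$key")
    if [ "$mode" != "400" ]; then
        echo "FAIL: $key has mode $mode, expected 400" >&2
        return 1
    fi

    # The public key in the certificate must equal the one derived from the key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not belong to $cert" >&2
        return 1
    fi

    echo "OK: $key is unencrypted, mode 400, and matches $cert"
}

# Run as: sh check_host_pair.sh /etc/grid-security/hostcert.pem /etc/grid-security/hostkey.pem
if [ "$#" -eq 2 ]; then
    check_host_pair "$1" "$2"
fi
```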