Instructions for Requesting User Certificate  
     
 

By requesting a certificate, you indicate that you accept the Certificate Policy and Certification Practice Statement (CP-CPS) and that you agree to the Subscriber Obligations specified in that document.

 
 

If you are ready to request your certificate, then follow the step by step instructions below:

 
     
 

Step 1

 
 

On-line Request for Certificate.

 
 

"ATTENTION: For on-line request, You MUST USE IE 8.0 and above or Mozilla Firefox 7.0 and above. Google Chrome is not supported."

 
 

Click here to link into the on-line CSR web page. Please submit request on the computer that you want to store public/private key. The key pair is generated and stored in the browser. You must use same machine and same user name to download the certificate once it is signed by the PK-Grid-CA.

 
     
 

Step 2

 
 

Download and Import Certificate.

 
 

Once your certificate is signed, you will receive an email containing the URL from where you can download your certificate.

 
     
 

Step 3

 
 

Using Certificate.

 
 
  • Download the certificate from the web URL received in the email from PK-Grid-CA.

  • Change the file extension from ".pem" to ".crt" and install it (For IE users only).

 
     
 

Step 4

 
 

Export Certificate.

 
   
     
 

Step 5

 
 

Grid Usage.

 
 

User Certificate

 
 
  • Make an hidden directory named .globus in home directory

 
                  $ mkdir .globus  
     
 
  • After exporting your certificate into PFX (either .pfx or .p12) file from the browser, split it into public and private key. Eventually, name public key as usercert.pem and private key as userkey.pem

 
                  $ openssl  pkcs12 -nocerts -clcerts -in your_cert.pfx -out  userkey.pem
                $ openssl  pkcs12 -nokeys -clcerts -in your_cert.pfx -out  usercert.pem
 
     
 
  • Move usercert.pem and userkey.pem to .globus directory

 
                  $ mv userkey.pem  .globus
                $ mv usercert.pem .globus
 
     
 
  • Change usercert.pem permissions to 440 and userkey.pem permissions to 400

 
                  $ cd  .globus
                $ chmod  440  usercert.pem
                $ chmod  400  userkey.pem
 
     
  Host Certificate  
 
  • After exporting the host certificate into PFX (either .pfx or .p12) file from the browser, split it into public and private key. Eventually, name public key as hostcert.pem and private key as hostkey.pem.

 
                  $ openssl  pkcs12 -nocerts  -clcerts -in host_cert.pfx -out  encrypted_hostkey.pem
                $ openssl  pkcs12 -nokeys -clcerts -in host_cert.pfx -out  hostcert.pem
 
     
 
  • By default, the private key extracted is in encrypted form. One can always decrypt it before using as shown in the command below:

 
                  $ openssl rsa -in encrypted_hostkey.pem -out hostkey.pem  
     
 
  • Make directory /etc/grid-security, if it does not already exist

 
                  $ mkdir /etc/grid-security  
     
 
  • Move hostcert.pem and hostkey.pem to /etc/grid-security directory

 
                  $ mv hostkey.pem   /etc/grid-security
                $ mv hostcert.pem  /etc/grid-security
 
     
 
  • Change hostcert.pem permissions to 440 and hostkey.pem permissions to 400

 
                  $ cd  /etc/grid-security
          
     $ chmod  440  hostcert.pem
           
     $ chmod  400  hostkey.pem
 
     
   
 

 

Copyright © NCP, 2003 - . All Rights Reserved.