Getting that all-important grid certificate

This is a step-by-step guide to getting started on the grid ...

Requesting a certificate

At https://portal.ca.grid-support.ac.uk/caportal

  • Go to Certificate -> Request a Certificate -> User Certificate
  • Fill in the form with "Liverpool CSD" as your registration authority (RA)
    N.B. The PIN is just temporary and it will be seen by the RA, so choose something unimportant!
  • You will be asked to take some ID to Cliff Addison/Ian Smith in the CSD department (room 4.09 of the Chadwick tower)
  • Then wait for the "New Issued Certificate" email

Importing the certificate into your browser

  • Go back to https://portal.ca.grid-support.ac.uk/caportal (GOSC) -> Retrieve New Certificate and enter your serial number from the email
  • To test if it is imported correctly go to Test Certificate on the same page. You should get something like:

     Variable                        Value
     Your Distinguished Name (DN)    /C=UK/O=eScience/OU=Liverpool/L=CSD/CN=carl gwilliam
     Client Authentication           SUCCESS
     From                            Feb 13 13:06:06 2007 GMT
     To                              Mar 14 13:06:06 2008 GMT

Exporting the certificate from your browser

  • This is browser specific:
    • Firefox: Go to Edit -> Preferences -> Advanced -> Certificates -> Manage Certificates -> Backup
    • Firefox 2: Go to Edit -> Preferences -> Advanced -> Encryption -> View Certificates -> Backup
    • Firefox 2.0.0.3 (Windows): Tools -> Options -> Advanced -> Encryption -> View Certificates -> Your Certificates -> Backup
    • Mozilla: Go to Edit -> Preferences... -> Privacy & Security -> Manage Certificates -> Backup
    • Feel free to add any others
      N.B. Remember this password if you want to use the exported certificate in the future

Converting the certificate from P12 to PEM format

  • This is needed if you want to run grid jobs from the shell rather than just using the certificate in your browser
  • If you don't want all the hassle below, this shell script should do all the work for you. Just do
    CertConvert.sh -pem infile.p12
  • Make a userkey:
    openssl pkcs12 -nocerts -in Cert.p12 -out userkey.pem
  • Make a usercert:
    openssl pkcs12 -clcerts -nokeys -in Cert.p12 -out usercert.pem
    N.B. The password you enter here is what you will need if you ever want to submit grid jobs, so keep it safe!
  • Make a .globus directory and move them both there
  • Set the permissions as follows:
    chmod 700 ${HOME}/.globus
    chmod 444 ${HOME}/.globus/usercert.pem
    chmod 400 ${HOME}/.globus/userkey.pem
    N.B. If you're using AFS don't forget to set the AFS permissions too (fs setacl)
  • To convert back at any point you can use:
    openssl pkcs12 -export -inkey ${HOME}/.globus/userkey.pem -in ${HOME}/.globus/usercert.pem -out Cert.p12 -name "Grid Certificate"
    or just re-export from your browser (which is useful if you forget the password you gave when exporting).
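
The conversion steps above can be wrapped so that the key is written directly into the .globus directory under a restrictive umask and then checked. This is an added example, not the CertConvert.sh script linked from this page; the function names and the P12_PASS/PEM_PASS variables are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example, not the CertConvert.sh script linked from this page.
# Assumption: P12_PASS and PEM_PASS are hypothetical *exported* variables holding
# the browser backup password and the new key pass phrase; unset, openssl prompts.

mode_of() {  # octal permission bits: GNU stat, then BSD stat
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1" 2>/dev/null
}

# p12_to_globus CERT.p12 [DIR]: write both PEM files straight into DIR
p12_to_globus() {
    p12=$1; dir=${2:-$HOME/.globus}
    (
        umask 077    # the key is never group/world readable, even briefly
        mkdir -p "$dir" && chmod 700 "$dir" || exit 1
        rm -f "$dir/userkey.pem" "$dir/usercert.pem"   # read-only after an earlier run
        openssl pkcs12 -nocerts -in "$p12" -out "$dir/userkey.pem" \
            ${P12_PASS:+-passin env:P12_PASS} ${PEM_PASS:+-passout env:PEM_PASS} || exit 1
        openssl pkcs12 -clcerts -nokeys -in "$p12" -out "$dir/usercert.pem" \
            ${P12_PASS:+-passin env:P12_PASS} || exit 1
        chmod 444 "$dir/usercert.pem" && chmod 400 "$dir/userkey.pem"
    )
}

# check_globus [DIR]: 0 only if modes are 700/444/400, the key belongs to the
# certificate, and the certificate has not expired
check_globus() {
    dir=${1:-$HOME/.globus}; rc=0
    for spec in "700:$dir" "444:$dir/usercert.pem" "400:$dir/userkey.pem"; do
        want=${spec%%:*}; path=${spec#*:}
        got=$(mode_of "$path") || got=missing
        [ "$got" = "$want" ] || { echo "mode $got, want $want: $path" >&2; rc=1; }
    done
    cert_pub=$(openssl x509 -in "$dir/usercert.pem" -noout -pubkey 2>/dev/null) || cert_pub=
    key_pub=$(openssl pkey -in "$dir/userkey.pem" -pubout \
        ${PEM_PASS:+-passin env:PEM_PASS} 2>/dev/null) || key_pub=
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] ||
        { echo "userkey.pem does not match usercert.pem" >&2; rc=1; }
    openssl x509 -in "$dir/usercert.pem" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "certificate expired or unreadable" >&2; rc=1; }
    return $rc
}
```

Run it as p12_to_globus Cert.p12 followed by check_globus. With OpenSSL 3, a .p12 backed up from an old browser may need the -legacy option added to the pkcs12 commands.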

Testing the exported certificate

  • To do this (or use the grid in general) you need to be logged into a User Interface (UI)
    • On LXPLUS just do
      source /afs/cern.ch/project/gd/LCG-share/new_3.2/etc/profile.d/grid_env.sh
    • At Liverpool just log onto hepgrid1 (using your normal NFS password)
  • You can verify your certificate via:
    openssl verify -CApath /etc/grid-security/certificates ${HOME}/.globus/usercert.pem
  • You can get info on your certificate via:
    grid-cert-info

Getting a virtual organisation (VO) membership

  • Go to the LCG User Registration page
  • Click on ATLAS
  • Click on Registration(Phase I) and fill in the form
  • You must choose "Alessandro DeSalvo" as your representative and it seems to need your CERN email address!
  • Wait for a reply email
  • Click on Registration(Phase II)
  • Click the box marked "/atlas/uk" (leave all options/boxes unchanged) and submit your request
  • Wait for an email confirming your VO membership. You're now ready to use the grid ...

Submitting ATLAS grid jobs

-- CarlGwilliam - 13 Feb 2007
Topic revision: r11 - 01 Oct 2018, RicardoLopez