Certificate
To access the NICA GRID (DIRAC) infrastructure, one needs a GRID certificate issued by one of the following certificate authorities:
How to obtain certificate from CERN?
- Visit https://ca.cern.ch
- Click New Grid User certificate
- To convert from p12 to pem format, one can follow the instructions here
How to obtain certificate from RDIG?
One needs to have:
- Account at Central Information and Computer Complex of JINR (CICC),
- Mail at jinr.ru.
The first step in getting a certificate is to make a certificate request, for which one needs to fill in information about oneself. E.g.
English | Russian | Value |
---|---|---|
Name | Имя | Ivan |
Surname | Фамилия | Ivanov |
E-mail | | iivanov@jinr.ru |
Telephone | Контактный телефон | +79999999999 |
Common Name | Common Name | Ivan Ivanov |
Organization | Организация | JINR, jinr.ru |
Please fill in this information here and press the button Далее (Next).
The next page will give you two files:
- user_cert-request.sh
- user_cert-form.pdf
Then create the directory $HOME/.globus
[iivanov@space21 ~]$ mkdir $HOME/.globus
Store these two files in $HOME/.globus. One should get the following structure
[iivanov@space21 ~]$ ls -la $HOME/.globus
total 114
drwxr-xr-x 3 iivanov hybrilit 6 Dec 6 15:47 .
drwxr-xr-x 15 iivanov hybrilit 23 Dec 6 15:43 ..
-rw-r--r-- 1 iivanov hybrilit 47250 Dec 6 15:47 user_cert-form.pdf
-rw-r--r-- 1 iivanov hybrilit 16689 Dec 6 15:47 user_cert-request.sh
The next step is to run user_cert-request.sh by doing
[iivanov@space21 ~]$ cd $HOME/.globus
[iivanov@space21 ~]$ sh user_cert-request.sh
- While running, the script will ask you for a strong password with 15 characters. Please enter it and remember the password for future use.
- The script will print the public key modulus as a long string. The first 10 and the last 10 digits of the modulus are separated by spaces from the rest of the digits for your convenience
D4769B9AFE .....
................
..... 4708EE9CB9
In the previous example the starting 10 digits are D4769B9AFE and the ending 10 digits are 4708EE9CB9
Sign and send form to JINR Registration Authority
- One should add this information to the printed user_cert-form.pdf file and sign the form
- The filled and signed form should be passed to the persons responsible at JINR (Registration Authority at JINR, RA) in LIT office 563, tel. 2164317, e-mail: grom@jinr.ru
Send mail with additional information
After the form is passed to the JINR Registration Authority, one needs to send an e-mail with the following information. One has the following files in the $HOME/.globus directory. Output
[iivanov@space21 .globus]$ ls -la
-rw------- 1 iivanov hybrilit 490 Dec 6 15:59 usercert.20211206-155840.pem
-r-------- 1 iivanov hybrilit 1743 Dec 6 16:00 userkey.20211206-155840.pem
-rw------- 1 iivanov hybrilit 1164 Dec 6 16:02 userreq.20211206-155840.mail
- Send the file userreq.xxx.mail to kiae, by:
[iivanov@space21 .globus]$ mail < userreq.20211206-155840.mail rdig-ca@grid.kiae.ru
- The file with the KEY, userkey.20211206-155840.pem, you should SAVE, CLOSE and NEVER LOSE
- Please wait for the e-mail with the certificate
- Check that your key is valid for the certificate as follows:
[iivanov@space21 ~]$ openssl rsa -in $HOME/.globus/userkey.pem -noout -modulus
[iivanov@space21 ~]$ openssl x509 -in $HOME/.globus/usercert.pem -noout -modulus
The results from rsa and x509 should be the same: certificate and certkey should be complementary!
Convert pem to p12 format for web browser
openssl pkcs12 -export -out ~/.globus/cert.p12 -in ~/.globus/usercert.pem -inkey ~/.globus/userkey.pem
Then load cert.p12 into your browser.
Firefox:
Settings -> Privacy & Security -> Certificates -> View Certificates -> Import
When the certificate is imported into the web browser, one can continue to the next stage.
Certificate cleanup
Only the following files need to be kept in the ~/.globus directory. Other files can be removed. Your directory after removal might look like this
$ ls -al ~/.globus/
total 12K
drwxr-xr-x. 1 mvala mvala 66 May 10 2021 .
drwxr-xr-x. 1 mvala mvala 116 Dec 15 16:23 ..
-rw-r--r--. 1 mvala mvala 3.7K May 10 2021 cert.p12
-rw-------. 1 mvala mvala 3.3K May 10 2021 usercert.pem
-rw-------. 1 mvala mvala 2.0K May 10 2021 userkey.pem
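The modulus comparison from the validation step and a permission check on the files kept in ~/.globus can be wrapped into shell functions. This is an added example, not part of the original instructions; the function names are assumptions, and make_sample_pair only builds a throwaway, constructed key and self-signed certificate for trying the checks out.

```shell
#!/bin/sh
# Added example: check a ~/.globus directory as described above.

# Constructed sample input: throwaway unencrypted key + self-signed certificate.
make_sample_pair() {
    mkdir -p "$1" && openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-sample" \
        -keyout "$1/userkey.pem" -out "$1/usercert.pem" 2>/dev/null
}

# Return 0 when the private key and the certificate carry the same RSA modulus.
# An encrypted key makes openssl prompt for its passphrase.
key_matches_cert() {
    local km cm
    km=$(openssl rsa -in "$1" -noout -modulus) || return 2
    cm=$(openssl x509 -in "$2" -noout -modulus) || return 2
    [ -n "$km" ] && [ "$km" = "$cm" ]
}

# Return 0 when the file grants nothing to group or others (e.g. mode 600 or 400).
is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Check the files the page keeps in ~/.globus; returns non-zero on any problem.
check_globus() {
    local dir rc f
    dir=${1:-$HOME/.globus}; rc=0
    if key_matches_cert "$dir/userkey.pem" "$dir/usercert.pem"; then
        echo "OK: userkey.pem and usercert.pem match"
    else
        echo "FAIL: userkey.pem and usercert.pem do not match"; rc=1
    fi
    # Both userkey.pem and cert.p12 contain the private key.
    for f in userkey.pem cert.p12; do
        [ -e "$dir/$f" ] || continue
        if ! is_private "$dir/$f"; then
            echo "WARN: $dir/$f is accessible to other users (chmod 600 $dir/$f)"; rc=1
        fi
    done
    return $rc
}
```

After sourcing the file, running check_globus with no argument checks $HOME/.globus.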