Certificates – Getting Ready for Submission
Once you have your certificate, you need to login to one of the GridUIs to ready your account for job submission.
This involved setting up your certificates and proxy generation.
Getting Your Certificate Ready
You will need to copy your userkey.pem and usercert.pem to a directory called ~/.globus/ onto the GridUI. If your certificate is in the PKCS12 format, there is a conversion guide below.
From your system:
ssh gridui1 "mkdir ~/.globus/" ssh gridui1 "chmod 644 ~/.globus/" scp user*.pem gridui1:~/.globus/ ssh gridui1 "chmod 444 ~/.globus/usercert.pem" ssh gridui1 "chmod 400 ~/.globus/userkey.pem"
Creating a Basic Proxy
Now you have your certificate in place, you need to generate a proxy that basically acts as a temporary identifier to allow your jobs to access resources you’re allowed to but will also age and eventually expire in case of credential theft.
You need to generate a proxy every time you submit a new set of jobs. Proxies also include what VO you’re part of.
arcproxy -S pheno -N
You will have to input your certificate key password (not the PIN) and you will eventually see an output similar to
Your identity: /C=UK/O=eScience/OU=Durham/L=eScience/CN=Your Name Contacting VOMS server (named pheno): voms03.gridpp.ac.uk on port: 15011 Proxy generation succeeded Your proxy is valid until: 2020-01-01 00:00:00
Working with Proxies
We will add more details on Proxies here soon containing:
- Proxy Info
- Re-inject Proxies
- Extended Proxies
Convert PKCS12 to split PEM
openssl pkcs12 -nocerts -in gridcert.p12 -out userkey.pem
openssl pkcs12 -clcerts -nokeys -in gridcert.p12 -out usercert.pem