Certificates – Getting Ready for Submission

Once you have your certificate, you need to login to one of the GridUIs to ready your account for job submission.

This involved setting up your certificates and proxy generation.

Getting Your Certificate Ready

You will need to copy your userkey.pem and usercert.pem to a directory called ~/.globus/ onto the GridUI. If your certificate is in the PKCS12 format, there is a conversion guide below.

From your system:

ssh gridui1 "mkdir ~/.globus/"
ssh gridui1 "chmod 644 ~/.globus/"
scp user*.pem gridui1:~/.globus/
ssh gridui1 "chmod 444 ~/.globus/usercert.pem"
ssh gridui1 "chmod 400 ~/.globus/userkey.pem"

Creating a Basic Proxy

Now you have your certificate in place, you need to generate a proxy that basically acts as a temporary identifier to allow your jobs to access resources you’re allowed to but will also age and eventually expire in case of credential theft.

You need to generate a proxy every time you submit a new set of jobs. Proxies also include what VO you’re part of.

arcproxy -S pheno -N

You will have to input your certificate key password (not the PIN) and you will eventually see an output similar to

Your identity: /C=UK/O=eScience/OU=Durham/L=eScience/CN=Your Name
Contacting VOMS server (named pheno): voms03.gridpp.ac.uk on port: 15011
Proxy generation succeeded
Your proxy is valid until: 2020-01-01 00:00:00

You can now submit a job.

Working with Proxies

We will add more details on Proxies here soon containing:

• Proxy Info
• Re-inject Proxies
• Extended Proxies

Convert PKCS12 to split PEM

Key:

openssl pkcs12 -nocerts -in gridcert.p12 -out userkey.pem

Certificate:

openssl pkcs12 -clcerts -nokeys -in gridcert.p12 -out usercert.pem