User's Page

h1. Prepare For Grid Usage

*1. First you need to create a Personal Certificate according to this help: [[Obtain_the_Personal_Certificate]]*

*2. Then you need to Join to the fgi.csc.fi Virtual Organization.*

You *should* use the *same machine* and *same Browser* for obtaining both the Certificate and for joining the VO:

Go to page https://voms.fgi.csc.fi:8443/voms/fgi.csc.fi, fill the form and submit it.

Once you have sent your application *you need to wait* until it has been processed after which you'll get an email how to proceed.

*3. Extract the Personal Certificate from Browser.*

NOTE: The Personal Certificate is bundle of User Certificate and an associated private key.

Your Personal Certificate is stored into the Web Browser where you created it. To extract it for the Grid usage proceed as follows:

Locate the certificate in your Browser. It's placed under something like "Preferences" => "Advanced" => "Certificates" => "View Certificates" => "Your Certificates".

For example the Certificate in Firefox for OSX looks the following:

https://p55cc-redmine.utu.fi/attachments/download/6/cert_help.tiff

It's hard to tell where it is stored as there are too many different Browsers and versions, but the name of the Certificate should be TERENA and your name and email must be part of the Certificate.

Now "Backup" or "Export" the Certificate, or whatever options you have to Extract the Certificate into a file.

You will be asked filename into which the Personal Certificate shall be stored. Give some name, for example _user.p12_

Select “File type” as PKCS12 for the Certificate file.

Then you will be asked to create a password. Invent a reasonable password and remember it (you will need it later).

Once you have entered the password the Personal Certificate will be stored into the given file. The file consist of the User Certificate and an associated private key.

These two items will be separated into two files next.

*5. Extract the Certificate private key from Personal Certificate*

Enter command as follows:

<pre>

openssl pkcs12 -nocerts -in user.p12 -out userkey.pem

</pre>

When executed, this command will ask for the old and the new key passwords (they can be the same). So you better use the same password.

*6. Extract the User Certificate from Personal Certificate*

Enter the command:

<pre>

openssl pkcs12 -clcerts -nokeys -in user.p12 -out usercert.pem

</pre>

The two commands above should have created two files, _usercert.pem_ and _userkey.pem_. These two files should be moved into a _.globus_ sub-directory under the user's home directory (note the dot as the first character of the directory name). If the _.globus_ directory does not exist, it can be created with the command:

<pre>

mkdir ~/.globus/

</pre>

After this, the two Certificate files can be moved to the _.globus_ directory with the commands:

<pre>

mv usercert.pem ~/.globus/

mv userkey.pem ~/.globus/

</pre>

At this point you can (should) remove the original Personal Certificate file:

<pre>

rm user.p12

</pre>

Finally, make sure that the access permissions of the _userkey.pem_ file are set up correctly. The command to ensure this is:

<pre>

chmod 400 ~/.globus/userkey.pem

</pre>

At this point the setup is done and you can verify all is done and you are ready to use Grid. To check enter the command:

<pre>

arcproxy -S fgi.csc.fi

</pre>

If successful the output is something like this:

<pre>

Your identity: /DC=org/DC=terena/DC=tcs/C=FI/O=Turun yliopisto/CN=Timo Eronen tke@utu.fi

Contacting VOMS server (named fgi.csc.fi): voms.fgi.csc.fi on port: 15003

Proxy generation succeeded

Your proxy is valid until: 2016-10-12 23:16:10

</pre>