Login to one of the Grid Service Nodes
Login to one of the Grid computing service nodes for a LONI cluster.
Generating Globus Certificate Request
If this is your first request for a LONI Grid Certificate:
Then run the command:
[sirish@qb1 ~]$ grid-cert-request
A certificate request and private key is being created.
You will be asked to enter a PEM pass phrase.
This pass phrase is akin to your account password,
and is used to protect your key file.
If you forget your pass phrase, you will need to
obtain a new certificate.
Generating a 1024 bit RSA private key
writing new private key to '/home/sirish/.globus/userkey.pem'
Enter PEM pass phrase:
As the text above says, you need to choose a pass phrase for activating the proxy from your certificate. This pass phrase is used to secure your private key, so DO NOT leave it blank. Also, DO NOT use your account password as the pass phrase.
Note: Your signed grid certificate is valid for six months. It is the responsibility of the user to store/manage the pass phrase, and we trust our users to take that responsibility seriously. Once a signed certificate is issued to a user for the first time, no new certificate will be issued to the same user within three months. If the new pass phrase is ever lost again, the user must wait until the current one expires. If a user renews an expired certificate and forgets the pass phrase, then he or she must wait until the expiration as well. For example, if a grid certificate is signed and issued to a user for the first time on January 1, the earliest date for the user to receive a new certificate is April 1. If the pass phrase is lost again within six months, then the user must wait until October 1. So please choose a secure pass phrase which is easy for you to remember or store it at a safe place.
If this is not your first request for a LONI Grid Certificate:
Sometimes the users want to renew an expired certificate or request for a new certificate. In such case use the -force switch in the command:
The -force switch is required on the machine where you already have an existing .globus folder in your home directory.
$ grid-cert-request -force
$ $GLOBUS_LOCATION/bin/grid-cert-request -force
What is happening?
Once grid-cert-request is issued, a directory .globus will be created in your home directory with three files: usercert_request.pem, userkey.pem, and an empty usercert.pem.
Sending LONI CA your certificate request
You need to email the usercert_request.pem file to firstname.lastname@example.org to require a user certificate signed by the CA.
| Do not email email@example.com for anything else other than sending the generated certificate request.
Users may direct questions to firstname.lastname@example.org.
At this point a LONI administrator will take over, issue the certificate, and normally, this is sent it back to the user by email.
Installing your certificate
After receiving the signed certificate, you need to copy it to ~/.globus/usercert.pem. Then, run the command:
$ grid-cert-info -s
To check your grid certificate information.