TÜBİTAK » ULAKBİM » TR-Grid » Certification Authority » Export Certificates Contact Us  |  Sitemap  |  Türkçe 
TRUBA Home Page
TRUBA Initiative
Certification Authority
Valid Certificates
Registration Authorities
Certificate Request
Import Certificates
Export Certificates
Revocation Request
Certificate Policy
Success Metrics
Site Map


What is the purpose of your user certificate in your web browser?

You can use your certificate in your browser to view an ssl protected webpage. For example, access to the VO (virtual organization) membership websites and some grid monitoring websites are restricted to the users with a valid user certificate, that is well defined under IGTF* distribution. So, when you decide to apply for a VO to become a member, you must have your user certificate in your browser.

Registration pages of some example VOs are as follows:

seegrid VO: https://voms.irb.hr:8443/voms/seegrid/

atlas VO: https://lcg-voms.cern.ch:8443/vo/atlas/vomrs

cms VO: https://lcg-voms.cern.ch:8443/vo/cms/vomrs

biomed VO: https://cclcgvomsli01.in2p3.fr:8443/voms/biomed/

gaussian VO: https://voms.cyf-kr.edu.pl:8443/voms/gaussian

Why do you need to export your user certificate from your web browser?

You cannot use your certificate that is installed in your browser (in .p12 format) to run jobs or store data on grid infrastructure. In order to use CPU and storage resources, at a grid user interface (e.g., levrek.ulakbim.gov.tr) you should have public key (usercert.pem) and private key (userkey.pem) of your certificate in your user account under .globus directory. Hence, you need to export your certificate from your browser, i.e., download it to your computer and then copy it to the grid user interface.

Export your Certificate (Internet Explorer):

Tools->Internet Options->Content->Certificates->Personal->Export

Export your Certificate (Mozilla Firefox):

Edit->Preferences->Advanced->Encryption->View Certificates->Your Certificates->Backup


Tools->Options->Advanced->Encryption->View Certificates->Your Certificates->Backup

Copy and Use your Certificate at User Interface:

Connect via ssh** to levrek.ulakbim.gov.tr and create .globus directory at your user account:

ssh username@levrek.ulakbim.gov.tr
mkdir .globus

2. Copy the .p12 certificate (that you download from your browser) to your lufer/rower user account under .globus directory**.

3. Go into your .globus directory:

cd .globus

4. Generate your usercert.pem and userkey.pem files from your .p12 certificate:

openssl pkcs12 -clcerts -nokeys -in <name of file>.p12 -out usercert.pem
openssl pkcs12 -nocerts -in <name of file>.p12 -out userkey.pem

5. Set the correct permissions of files:

chmod 644 usercert.pem
chmod 400 userkey.pem

6. Try if your certificate works and after this step you can submit jobs or copy files to grid:

voms-proxy-init -voms <your VO>

* Currently, IGTF distribution constitutes all valid National Grid Certification Authorities that are recognized by several international and national grid infrastructures such as EGEE, OSG, DEISA, SEE-GRID, TR-Grid and several international and national VOs such as atlas, cms, biomed, gaussian, trgridb etc.

** If you are using Windows OS, you can download and use a program such as Putty or SSH Secure Shell Client for ssh connections and remote file transfers.

© 2007 TÜBİTAK-ULAKBİM Comments