Certificates

How to obtain personal certificates

For authentication within the Latfor DataGrid the Globus Grid Security Infrastructure (GSI) is used. This is based on the Public Key Infrastructure (PKI) and uses X.509 certificates. Certificates are issued by a Certification Authority (CA) and can be requested either at the CA directly or a Registration Authority (RA).

ILDG sites should accept certificates issued by any of the CAs which are member of the International Grid Trust Federation. Check their website to find your national or regional CA.

For German users there exist two CAs. Please check whether they provide a Registration Authority (RA) at your university or institution:

  • GridKA
  • DFN (look for link "Liste der Grid RAs")

For details on how to request a certificate from the German GridKa see http://www-grid.desy.de/certs. If you do not find a RA or in case of other problems send an email to dirk.pleiter__at__desy.de

Converting into PEM format

You may receive your certificate in PKCS#12 format. For LDG you need to convert this into a key and a certificate in PEM format:

  openssl pkcs12 -in myfile.p12 -nocerts -clcerts -out userkey.pem
  openssl pkcs12 -in myfile.p12 -nokeys -clcerts -out usercert.pem

Always protect your certificate by a password (independently of the format)!

Converting into PKCS#12 format

You may have to convert your key and certificate into PKCS#12 format. This format is needed when loading certificate into a web browser:

  openssl pkcs12 -export -out myfile.p12 -inkey userkey.pem -in usercert.pem

Always protect your certificate by a password (independently of the format)!