Certificates
HPC and Data for Lattice QCD
Certificates
How to obtain personal certificates
For authentication within the Latfor DataGrid the Globus Grid Security Infrastructure (GSI) is used. This is based on the Public Key Infrastructure (PKI) and uses X.509 certificates. Certificates are issued by a Certification Authority (CA) and can be requested either at the CA directly or a Registration Authority (RA).
ILDG sites should accept certificates issued by any of the CAs which are member of the International Grid Trust Federation. Check their website to find your national or regional CA.
For German users there exist two CAs. Please check whether they provide a Registration Authority (RA) at your university or institution:
For details on how to request a certificate from the German GridKa see http://www-grid.desy.de/certs. If you do not find a RA or in case of other problems send an email to dirk.pleiter__at__desy.de
Converting into PEM format
You may receive your certificate in PKCS#12 format. For LDG you need to convert this into a key and a certificate in PEM format:
openssl pkcs12 -in myfile.p12 -nocerts -clcerts -out userkey.pem openssl pkcs12 -in myfile.p12 -nokeys -clcerts -out usercert.pem
Always protect your certificate by a password (independently of the format)!
Converting into PKCS#12 format
You may have to convert your key and certificate into PKCS#12 format. This format is needed when loading certificate into a web browser:
openssl pkcs12 -export -out myfile.p12 -inkey userkey.pem -in usercert.pem
Always protect your certificate by a password (independently of the format)!