Preparing your User Certificate for use by Globus Toolkit

Now that you have requested and downloaded your certificate, you can use it to access the grid.

You may need to use it on a Linux machine with middleware such as Globus installed. To do so, prepare your certificate by following the instructions below.

Step 1: Export your certificate 

Follow the instructions on the "backing up your certificate" page to export your certificate.

Step 2: Convert your certificate

Once you have exported your certificate, you will need to convert it into a form that Globus Toolkit can use. This can be done using the OpenSSL toolkit, which is available on many Linux distributions. A Windows version of OpenSSL is also available.

These instructions assume you exported your certificate as cert.p12:

Extract the public key

If you have a user certificate, use this command:

$> openssl pkcs12 -in cert.p12 -clcerts -nokeys -out usercert.pem

If you have a host/server certificate, use this command:

$> openssl pkcs12 -in cert.p12 -clcerts -nokeys -out hostcert.pem

You will now be prompted to enter the passphrase you chose in Step 1 to protect the exported certificate:

Enter Import Password: ***** 
MAC verified OK
$> ls
cert.p12  usercert.pem

Extract the private key 

If you have a user certificate, use this command:

$> openssl pkcs12 -in cert.p12 -nocerts -out userkey.pem

If you have a host/server certificate, use this command:

$> openssl pkcs12 -in cert.p12 -nocerts -nodes -out hostkey.pem

Again, you will be prompted to enter the passphrase from Step 1 that protects the exported certificate:

Enter Import Password: *****
MAC verified OK

If you have a user certificate, you will need to create a strong passphrase that will protect your private key. Our policy states that the passphrase must be at least 16 characters long and contain upper and lower case letters. If you have a host certificate, this passphrase is not necessary: the -nodes option in the command above writes the key unencrypted, and the key is protected by filesystem security instead.

Enter PEM pass phrase: ****************
Verifying - Enter PEM pass phrase: ****************
$> ls
cert.p12  usercert.pem  userkey.pem

For security reasons you should delete the cert.p12 file you exported from your browser.  If you choose to keep it then it must be protected by a strong passphrase like the private key.

Step 3: Save your certificate (Linux)

Transfer your certificate and private key files to the machine that will be running Globus Toolkit. They need to be stored in a directory called .globus in your home directory.

$> cd ~/.globus
$> ls
usercert.pem  userkey.pem

 

Step 3: Save your certificate (Windows)

Open a command prompt and change to your home directory. Usually Windows will open the command prompt in your HOME directory. If the command prompt is displaying another directory, run the following command.

C:\>cd %HOMEPATH%
C:\Documents and Settings\bkn54849>

Create a .globus directory

C:\Documents and Settings\bkn54849>mkdir .globus

Copy the files created in Step 2 into the new .globus directory

C:\Documents and Settings\bkn54849>dir .globus
 Volume in drive C has no label.
 Volume Serial Number is FCEB-123C
 Directory of C:\Documents and Settings\bkn54849\.globus
04/07/2007  11:10    <DIR>          .
04/07/2007  11:10    <DIR>          ..
04/07/2007  10:41             1,897 usercert.pem
04/07/2007  10:42             1,200 userkey.pem

 

Step 4: Change the permissions on your certificate

Windows users do not need to set file permissions. On Linux, run:

$> chmod 644 usercert.pem
$> chmod 600 userkey.pem

Your certificate is now in a suitable form to be used by Globus Toolkit.  For example, you can create a proxy certificate using the grid-proxy-init command or the myproxy-init command to upload a certificate to the myproxy server.

Although not required by Globus Toolkit, it is also a good idea to restrict access to the .globus directory:

$> chmod 700 ~/.globus
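
The following script is an added example, not part of the original instructions: it checks that the files from Steps 2 to 4 have the permissions given above and that usercert.pem and userkey.pem belong to the same key pair. The function names are hypothetical, and it assumes openssl and a GNU or BSD stat are on the PATH.

```shell
#!/bin/sh
# Added example: audit a Globus credential directory after Steps 2-4.
# Function names are hypothetical; file names are the ones used on this page.

# Print the octal permission bits of a file (GNU stat first, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Succeed only if the directory and both PEM files have the modes from Step 4.
check_globus_perms() {
    dir=$1; rc=0
    for spec in ".:700" "usercert.pem:644" "userkey.pem:600"; do
        name=${spec%%:*}; want=${spec##*:}; path=$dir/$name
        [ -e "$path" ] || { echo "missing: $path"; rc=1; continue; }
        got=$(mode_of "$path")
        if [ "$got" != "$want" ]; then
            echo "$path has mode $got, expected $want"; rc=1
        fi
    done
    return $rc
}

# Succeed only if the certificate and the private key hold the same public key.
# openssl prompts for the PEM pass phrase when the key is encrypted (user keys).
check_key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Run both checks when called with a directory, e.g.: sh check.sh ~/.globus
if [ "$#" -gt 0 ]; then
    check_globus_perms "$1" &&
        check_key_matches_cert "$1/usercert.pem" "$1/userkey.pem" &&
        echo "credentials in $1 look consistent"
fi
```

A mismatch between certificate and key usually means files from two different exports were mixed; repeat Step 2 from a single cert.p12.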