|
|
(10 intermediate revisions by 4 users not shown) |
Line 1: |
Line 1: |
− | Most of the standalone third party tools installed on SNIC resources and your own machine will not be able to use a <tt>.p12</tt> certificate bundle (or <tt>.pfx</tt> if you exported from IE), as that format is intended primarily for secure transport and backup of certificates and their private keys.
| + | #REDIRECT[[Swestore Documentation Moved]] |
− | | |
− | Instead of a single <tt>.p12</tt> file, they expect a pair of files in <tt>.pem</tt> format, one containing the certificate and the other containing the private key that matches the certificate.
| |
− | | |
− | == Uploading and conversion of the .p12 for your target machine ==
| |
− | | |
− | As the authentication methods for clusters differ, this section will defer to documentations for your particular site when it comes to transferring files to and from the cluster storage.
| |
− | | |
− | The goal is to end up with a <tt>.globus</tt> directory in your home directory, containing two files named <tt>usercert.pem</tt> and <tt>userkey.pem</tt>.
| |
− | | |
− | * Transfer the <tt>.p12</tt> file to your home directory on the cluster.
| |
− | * Get an interactive shell on the login node, via ssh.
| |
− | * If an .globus directory already exists, rename it with something like
| |
− | <tt>mv ~/.globus ~/.globus-old</tt>
| |
− | * Create the directory with
| |
− | <tt>mkdir ~/.globus</tt>
| |
− | * Run the following commands to extract the components from the <tt>.p12</tt> or <tt>.pfx</tt>, when asked for import password, specify the password specified when exporting the certificate bundle from your brower:
| |
− | openssl x509 ..
| |
− | openssl x509 ..
| |
− | | |
− | chmod 0400 ~/.globus/usercert.pem
| |
− | chmod 0400 ~/.globus/userkey.pem
| |