1 / 22

Association with the Gilda Virtual Organization

Association with the Gilda Virtual Organization. Certificate,VO membership, and MyProxy Server usage. Content.

melia
Download Presentation

Association with the Gilda Virtual Organization

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Association with the Gilda Virtual Organization Certificate,VO membership, and MyProxy Server usage

  2. Content • Part1: Request and download a certificate.(The certificate will be created in your browser in pk12 format. However the P-Grade Portal uses certificates in pem format, therefore you must convert the certificate file and additionally generate an associated private key file – also in pem format ) • Part2:Request Gilda VO membership upon your existing pk12 certificate in your browser ( will not be accepted immediately ) • Part3: Creation and usage of a Myproxy Account using the P-Grade Portal

  3. General remark: • Gilda is an insulated educational Test bed. • It has the advantage that it has an own Certificate Authority (CA) which issues Certificates without real personal identification. • It has the drawback that these type of certificates have been issued by the Gilda CA are not accepted by other VO-s of the EGEE Grid community.

  4. Part 1. Get Certificate • 1.Go here: https://gilda-security.ct.infn.it/CA/mgt/restricted/ucert.php • 2. Fill the form: • 3. Wait for email! Click on the “Submit the request” button

  5. First E-mail notification from Gilda : Go here, to download the certificate in your browser.

  6. Download Certificate from your Browser( in case of Firefox) Step 1. Go to Options/Advanced/View Certificates in your Firefox browser Step 3. You will be prompted to store the certificate file in the local file system Step 4. You will be prompted to protect certificate file with a “Backup password” Step 2. Select the gilda certificate and hit button “Backup”

  7. Create the pem files on the local machine using “openssl” Step1: Create the certificate file “gildausercert.pem” from the pk12 file “gilda1.p12” gained from the browswer: openssl pkcs12 -in gilda1.p12 -clcerts -nokeys -out gildausercert.pem Note: Backup password (see previous slide) will be requested! Step2: Create the private key file “gildauserkey.pem” from the pk12 file “gilda1.p12” gained from the browswer: openssl pkcs12 -in gilda1.p12 -nocerts -out gildauserkey.pem Note 1: Backup password will be requested! Note 2: You will be prompted to define a new password in order to protect the “userkey.pem” file to be created (This password worth to be remembered on long run! It will be required when you upload your certificate on a MyProxy server. See Slide 17)

  8. Part 2 Request Gilda VO membership • Caveat ! Use the same browser in which you have received the Gilda certificate. • Step 1 accept the rules • Step 2 request VO membership • The proper links are in the received e-mail

  9. First E-mail notification from Gilda: (VO request/ Step1) Go here to see and accept the rules governing the Gilda community

  10. Form of Gilda Use Policy to be accepted Accept the rules governing the Gilda community

  11. First E-mail notification from Gilda: : (VO request/ Step2) Go to the link to get the VO membership request form

  12. Request form of GILDA VO membership Confirm the registration You will get a second letter prompting you to confirm your request:

  13. Second letter from Gilda: Go to the link (using the browser with the Gilda certificate) to conform the request You have to wait for a third letter:

  14. Third letter from Gilda:

  15. Part 3. • The certificate and private key pem files will be used to create a user account on a MyProxyServer • This account will be used to download a short term ProxyCertificate on the P-Grade Portal Server when a workflow submission is needed Operations related Part 3 will be executed on the P-Grade Portal

  16. Main view of Certificate Portlet Button “Upload” will be used to create a user certificate account on the a MyProxy server

  17. Create a User Account on a MyProxy server These files have been defined on Slide 7. This password has been defined on Slide 7. URL of selected MyProxyServer URL of selected MyProxyServer Define a password for the User Account Define a name for the User Account Confirm the creation of the User Account

  18. MyProxy User Account created! Button “Download” will be used to create short time proxy certificates on the base of the created User Account.

  19. Create and download a short term proxy certificate from a MyProxy server URL of selected MyProxyServer URL of selected MyProxyServer Password of the User Account Confirm the creation and downloading of a proxy certificate on to the Portal Server Name of the User Account has been defined on Slide 17.

  20. Confirmation of the successful download of the Proxy Certificate The system prompts you to associate a Virtual Organization to the existing short term proxy certificate

  21. Associate a VO with the selected short term Proxy Certificate Caution: As the base certificate is restricted to the Gilda infrastructure (see Slide 3) only the associated “gilda_GLITE_BROKER” is worth to be selected

  22. Closing Remark • To ensure the security chain three different passwords have been used: • “Backup password” to protect the downloaded Certificate file. (Slides 6, 7) • Private Key File path phrase to protect Certificate in pem format (Slides 7, 17) • The password to protect the User Account on the MyProxy Server (Slides 17, 19 )

More Related