Friday, December 18, 2009

Using p12 files with user commands (grid-proxy-init and voms-proxy-init)

Most of the Grid users have been generally instructed to convert the p12 certificate files they get from CA on their browser to pem format (i.e. usercert.pem and userkey.pem). This conversion requires the use of openssl command which could be challenge to a novice Grid user. Users are not required to do this any more. Client commands used by most OSG users (i.e. grid-proxy-init and voms-proxy-init) are capable of accepting p12 certificates. Here are some instructions of how they may be used
  1. Make sure the p12 certificate has restrictive permissions (read-only by user i.e. 400)
  2. Example invocations:
       voms-proxy-init -cert $HOME/.globus/mycert.p12 -key $HOME/.globus/mycert.p12 -voms myVO
grid-proxy-init -cert $HOME/.globus/mycert.p12 -key $HOME/.globus/mycert.p12
The users can still continue using pem certificates, this post is designed to make users and VOs aware of an alternative that may remove some challenges experienced by our users and improve their overall experience of OSG.