How to add a new certificate

Sometimes you may need to add another grid certificate and register it with LCG (Atlas VO Registration).

Step 1: Save Current Certificate

Save your current (old) certificates in another directory so that your new certificates can be installed in the default location; eg.

cd ~/.globus
mkdir primary/
mv *.pem ~/.globus/primary/

From now on, if you want to use your old certificates (eg. while waiting for the new ones or for debugging), you will need to do like the following:

voms-proxy-init -voms atlas:/atlas/ca -cert ~/.globus/primary/usercert.pem -key ~/.globus/primary/userkey.pem

Step 2: Obtain New Grid Certificate

For Eastern Canada, Summer Students (or anyone requiring certificates valid less than 1 year)

Follow these instructions to request a new certificate but only do that section. Then do the next step outlined below on this page.

For Western Canada

Follow these instructions but only do that section. Then do the next step outlined below on this page.

Step 3: Register Certificate to LCG

Before you do anything, point your browser to https://cafiles.cern.ch/cafiles/certificates/Grid.aspx and click on the two CERN ROOT and Grid certificates and check the boxes to trust them.

If this is the first time you are registering as an LCG user, then skip the rest of this step and follow the LCG Registration procedure in the link.

  • Add your original certificate to your web browser as described here. You only need to do this if you are not using the same browser, on the same machine, where you first registered your primary certificate. Note: If you are making your new certificate your primary, we recommend that you do not remove the original certificate from your browser until after the new certificate has been successfully accepted by LCG.

  • Go to your LCG VOMS Admin Home page;
    • you should be automatically logged in with your primary certificate.
    • under the certificates section, click on the "Request New Certificate" button.
    • load your usercert.pem file (click on the "choose file" button) and click on the "Request Certificate button)

  • The VO manager has to approve your new certificate. You should be able to check the status by going to the LCG VOMS Admin Home page.

  • In addition, if your web browser is using the old certificate to access the ATLAS LCG site, you may want to replace it with the new certificate. (for example on how to do it for Firefox, see here)

-- AsokaDeSilva - 23 Oct 2007

Edit | Attach | Watch | Print version | History: r24 < r23 < r22 < r21 < r20 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r24 - 2019-04-05 - AsokaDeSilva
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2019 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback