Thursday, July 31, 2008

PHINMS Certificates in Globus

Thanks to Vaughn McMullin, we were able to come up with a repeatable process for installing existing PHINMS user certificates on Globus nodes. The following is a high-level description of the process:

1. Export your PHINMS certificate with Internet Explorer using the Personal Information Exchange PKCS12 option.

2. Check the “Include all certificates and certificate paths” box. NOTE: This should be the only option checked.

3. Upload the exported certificates (Root, Intermediate, and Private) to the Globus node.

4. Use Portecle to view the exported certificates. Portecle is started using the following command: java -jar portecle.jar

5. Use the PEM Encoding option in Portecle to generate a PEM file that Globus can understand.

6. Create a hash name for the PEM file that was created, using the following command: openssl x509 -in yourfile.pem -noout -hash

7. Rename the file to the hash number displayed, in the following format: hash.0

8. Manually create a signing policy named hash.signing_policy. Use the following link as a guide to create a signing policy for PHINMS certificates: http://labserv.nesc.gla.ac.uk/projects/etf/gt4howto/gt4localca.html

9. Copy the new files to /etc/grid-security/certificates

10. Verify proper installation by running the following command: openssl verify -verbose -CApath /opt/vdt/globus/TRUSTED_CA -purpose sslclient /home/your_user/your.pem
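Steps 6 through 10 can be scripted for one CA certificate; the following shell sketch is an added example, not part of the original post or of Globus. It assumes the PEM file from step 5 contains the CA certificate, and `install_ca`, `verify_cert` and the namespace pattern argument are hypothetical names chosen here.

```shell
#!/bin/sh
# Added example, not from the original post. install_ca and verify_cert are
# hypothetical helper names; the namespace pattern is an assumption you supply.

# install_ca PEM CERTDIR NAMESPACE -> prints the subject hash on success
install_ca() {
    pem=$1; certdir=$2; ns=$3

    # Refuse input that does not parse as an X.509 certificate.
    openssl x509 -in "$pem" -noout 2>/dev/null || {
        echo "not a PEM certificate: $pem" >&2; return 1; }

    # Steps 6-7: the subject hash becomes the file name (<hash>.0).
    hash=$(openssl x509 -in "$pem" -noout -hash) || return 1

    # Subject in the /C=.../O=... one-line form that signing_policy files use.
    subject=$(openssl x509 -in "$pem" -noout -subject -nameopt compat |
        sed -e 's/^subject= *//')
    case $subject in /*) ;; *) echo "unexpected subject: $subject" >&2; return 1 ;; esac

    mkdir -p "$certdir" || return 1
    # Re-encode the certificate only, so nothing else in the source file
    # (for example an exported private key) is copied into the trust directory.
    openssl x509 -in "$pem" -out "$certdir/$hash.0" || return 1

    # Step 8: signing policy limiting which subjects this CA may sign.
    cat > "$certdir/$hash.signing_policy" <<EOF
access_id_CA   X509    '$subject'
pos_rights     globus  CA:sign
cond_subjects  globus  '"$ns"'
EOF
    chmod 644 "$certdir/$hash.0" "$certdir/$hash.signing_policy"
    echo "$hash"
}

# Step 10: exit status 0 only if CERT chains to a CA found in CERTDIR.
verify_cert() {
    openssl verify -CApath "$1" -purpose sslclient "$2" >/dev/null 2>&1
}
```

Run `install_ca` once for the root and once for each intermediate certificate, then `verify_cert` against the user certificate; a non-zero status from `verify_cert` means the chain is incomplete or a file name does not match its hash.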
