A new version of the CERN-CA-certs package is available in the QA environment.
The new package removes the older certificates of the CERN Certification Authority. Please make sure to test your services and software with the new package.
Full details are available on the SSB entry: OTG0077330.

Skip Navigation Links.

How to use your certificate with voms-proxy-init.

To use a Certificate with Globus, you need to convert it to PEM format Key pair in 2 separate files: one for the key itself, and one for the certificate.

If the certificate is installed in your browser, you need to export it to a file first:

Convert to PEM Keypair

Copy the certificate to a file named myCert.p12 to the computer where you will run voms-proxy-init.

Extract your certificate (which contains the public key) and the private key:

  • Extract the certificate:
    openssl pkcs12 -in myCert.p12 -clcerts -nokeys -out $HOME/.globus/usercert.pem
  • Extract the encrypted private key:
    openssl pkcs12 -in myCert.p12 -nocerts -out $HOME/.globus/userkey.pem
  • You must set the mode on your userkey.pem file to read/write only by the owner, otherwise voms-proxy-init will not use it:
    chmod 600 $HOME/.globus/userkey.pem
    chmod 600 $HOME/.globus/usercert.pem

Delete the myCert.p12 file created above to avoid security issues.

Created: 3/10/2020
Last reviewed: 5/2/2022
Send the page Send  |  Printable version Print