NorduGrid Certificates

Most grid users should request their certificates using the GEANT/DigiCert service. If your organization is not compatible with the GEANT/Digicert portal, you can apply for a personal grid certificate from NorduGrid.

This process is slower than the Terena process, and you might have to wait for a week or two to get your certificate. You will need a Linux/MacOSX machine, and an open terminal on that machine. You can use the CSC machines for this.

The following commands should get the process started:

First you need to create the .globus directory in your home directory

$ mkdir -p ~/.globus

Then you need to create the certificate request

$ openssl req -new -newkey rsa:2048 \
  -out ~/.globus/usercert_request.pem \
  -keyout ~/.globus/userkey.pem \
  -subj "/O=Grid/O=NorduGrid/ Lastname/"

For example for a Mr. John Smith from CSC, it would look like.

$ openssl req -new -newkey rsa:2048 \
  -out ~/.globus/usercert_request.pem \
  -keyout ~/.globus/userkey.pem \
  -subj "/O=Grid/O=NorduGrid/ Smith/"

This will ask for a password for the certificate private key. Please choose a good password. After that you need to run the following command.

$ chmod 400 ~/.globus/userkey.pem

When you are done with this, mail the ~/.globus/usercert_request.pem file to and we will forward the request.

After receiving the certificate

When you receive your certificate, you should save the certificate as ~/.globus/usercert.pem.

You might need to have your certificate in your browser. To do that you need to run the following command, to convert the certificate into a format that the browser understands.

$ openssl pkcs12 -export -out ~/.globus/usercert.p12 -inkey ~/.globus/userkey.pem -in ~/.globus/usercert.pem

This will ask you for your old and new certificate password. These can be the same.

From your browser, go to certificate management, and from there you can import ~/.globus/usercert.p12

If you have any questions, please contact