Most grid users should request their certificates using the GEANT/DigiCert service. If your organization is not compatible with the GEANT/Digicert portal, you can apply for a personal grid certificate from NorduGrid.
This process is slower than the Terena process, and you might have to wait for a week or two to get your certificate. You will need a Linux/MacOSX machine, and an open terminal on that machine. You can use the CSC machines for this.
The following commands should get the process started:
First you need to create the .globus directory in your home directory
$ mkdir -p ~/.globus
Then you need to create the certificate request
$ openssl req -new -newkey rsa:2048 \ -out ~/.globus/usercert_request.pem \ -keyout ~/.globus/userkey.pem \ -subj "/O=Grid/O=NorduGrid/OU=organization.fi/CN=Firstname Lastname/emailAddressemail@example.com"
For example for a Mr. John Smith from CSC, it would look like.
$ openssl req -new -newkey rsa:2048 \ -out ~/.globus/usercert_request.pem \ -keyout ~/.globus/userkey.pem \ -subj "/O=Grid/O=NorduGrid/OU=csc.fi/CN=John Smith/emailAddressfirstname.lastname@example.org"
This will ask for a password for the certificate private key. Please choose a good password. After that you need to run the following command.
$ chmod 400 ~/.globus/userkey.pem
When you are done with this, mail the ~/.globus/usercert_request.pem file to email@example.com and we will forward the request.
After receiving the certificate
When you receive your certificate, you should save the certificate as ~/.globus/usercert.pem.
You might need to have your certificate in your browser. To do that you need to run the following command, to convert the certificate into a format that the browser understands.
$ openssl pkcs12 -export -out ~/.globus/usercert.p12 -inkey ~/.globus/userkey.pem -in ~/.globus/usercert.pem
This will ask you for your old and new certificate password. These can be the same.
From your browser, go to certificate management, and from there you can import ~/.globus/usercert.p12
If you have any questions, please contact firstname.lastname@example.org