Obtaining a certificate
The first thing you need to do is to obtain a digital certificate.
Certificates are similar to ID cards or passports in the sense that
they are credentials that are used to identify an entity. Certificates
are issued by so-called certification authorities (CAs). A certification
authority is a body that can issue certificates asserting that they
identify and belong to a specific physical entity. The certificates
used for grid computing are issued by special certification authorities
called grid certification authorities. Each grid CA covers a specific
geographic region or organization. Currently there are no grid CAs
operating in Latin America. One of the goals of EELA is to establish
a grid authentication infrastructure covering Latin America and for
this purpose CAs are being established with the support of EELA in
several countries.
Until these CAs become available EELA users from Latin America will need to obtain
certificates from the French CNRS CA. EELA has established registration
authority offices in several EELA countries that enable users to obtain
certificates from the CNRS CA. Depending on your country you should
use one of these RAs to obtain the certificate.
The CNRS CA web page for certificate requests is available at the
following URL:
http://igc.services.cnrs.fr/GRID-FR/?lang=en&cmd=certificates&type=usercert
In the "organism" box you should enter one of the RAs from the list below;
you will then be contacted by the RA for authentication of the request.
- Mexico: ICN-UNAM - Universidad Nacional Autonoma de Mexico
- Brazil: UFRJ - Universidade Federal do Rio de Janeiro
- Brazil: UFF - Universidade Federal Fluminense
- Venezuela: ULA - Universidad de Los Andes
- Chile: UDEC - Universidad de Concepcion
- Chile: UTFSM - Universidad Tecnica Federico Santa Maria
- Chile: REUNATEC - Red Universitaria Nacional
- Argentina: UNLP - Universidad Nacional de La Plata
If your country does not match any of the RAs defined above please
contact eela.support@lip.pt to establish a new EELA RA in your country.
The EELA European users should use the grid CAs from their own countries.
Virtual organizations
The possession of a certificate does not imply any kind of automatic
access to grid resources. To be authorized to access grid resources you
must be registered in a virtual organization. A virtual organization is
basically a set of users that share the same goals and the same
computing resources. EELA currently has two VOs:
- EELA: for normal users
- EDTEAM: for site and infrastructure managers
The web interfaces for VO registration are available at:
https://voms.lip.pt:8443/voms/eela/webui/request/user/create
https://voms.lip.pt:8443/voms/edteam/webui/request/user/create
You must also read and agree to the
EELA AUP (Acceptable Use Policy) which is available at the EELA document server.
Use the infrastructure
Once your VO registration request has been accepted you can access the infrastructure
but first you need to export your certificate from the browser and install it in a
user interface. The user interface is usually a system that is installed at each
grid resource centre and that enables the user to access the infrastructure.
If you need access to a user interface system please contact eela.support@lip.pt.
If your site is an EELA grid resource centre then you certainly have a local user
interface, in which case you should contact your local grid administrator.
The steps to extract a certificate vary between web browsers. The steps for
Firefox are explained here.
- Go to: Edit->Preferences->View Certificates
- In the "Your certificates" tab select your certificate and press the backup button
- Select the destination file
- Insert a passphrase to protect the certificate
- Press OK
- A copy of the certificate should be available in the specified filename with ".p12" extension.
- Protect this copy with a command such as "chmod og= filename.p12"
- Now you need to extract the private and the public key from this file.
For this purpose copy the file to the user interface machine, making
sure that the file remains protected against access from other users.
- If the directory "$HOME/.globus" does not exist, create it.
- Extract the private key: "openssl pkcs12 -nocerts -in filename.p12 -out $HOME/.globus/userkey.pem"
- Extract the public key (the certificate): "openssl pkcs12 -clcerts -nokeys -in filename.p12 -out $HOME/.globus/usercert.pem"
- Protect the private key with: "chmod 400 $HOME/.globus/userkey.pem"
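The extraction steps above can be wrapped in one script that creates the key file under a restrictive umask, so it is never readable by other users even before the chmod runs, and then audits the result. This is an added example, not part of the original EELA instructions; the function names are hypothetical and openssl is assumed to be installed on the user interface machine.

```sh
#!/bin/sh
# Added example; function names are hypothetical, not part of any grid middleware.

# Print the nine permission characters of a path, e.g. "r--------".
perm_string() {
    ls -ld "$1" | cut -c2-10
}

# Succeed only if the credential pair in directory $1 is safely protected.
audit_grid_credential() {
    dir=$1
    for f in userkey.pem usercert.pem; do
        [ -f "$dir/$f" ] || { echo "missing $dir/$f" >&2; return 1; }
    done
    # The private key must be readable by its owner and nobody else (mode 400).
    case $(perm_string "$dir/userkey.pem") in
        r--------) ;;
        *) echo "$dir/userkey.pem is not mode 400" >&2; return 1 ;;
    esac
    # The certificate is public, but group/other must not be able to replace it.
    case $(perm_string "$dir/usercert.pem") in
        ????-??-?) ;;
        *) echo "$dir/usercert.pem is writable by group or other" >&2; return 1 ;;
    esac
}

# Extract key and certificate from the .p12 file $1 into $2 (default ~/.globus).
install_grid_credential() {
    p12=$1
    dir=${2:-$HOME/.globus}
    # Never clobber an existing private key.
    [ ! -e "$dir/userkey.pem" ] || { echo "refusing to overwrite $dir/userkey.pem" >&2; return 1; }
    [ -f "$p12" ] || { echo "no such file: $p12" >&2; return 1; }
    (
        umask 077   # the key file is created owner-only, before any chmod runs
        chmod og= "$p12" &&
        mkdir -p "$dir" &&
        openssl pkcs12 -nocerts -in "$p12" -out "$dir/userkey.pem" &&
        openssl pkcs12 -clcerts -nokeys -in "$p12" -out "$dir/usercert.pem" &&
        chmod 400 "$dir/userkey.pem"
    ) && audit_grid_credential "$dir"
}
```

After sourcing the file, run "install_grid_credential filename.p12"; openssl prompts for the import passphrase and for a new passphrase to encrypt userkey.pem.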
You can now test the certificate by creating a proxy with the following command:
voms-proxy-init --voms eela
For the users registered in the edteam VO the word eela must be replaced by edteam.
If successful you can start accessing the grid.