Note: This web site is only kept up to date for OSG Software 1.2 (VDT 2.0.0). If you are looking for information for the most recent release, the RPM-based OSG Software 3.0, please see the OSG documentation web site

Managing Your Personal X.509 User Certificate

Once a year, you must renew your personal X.509 user certificate. You will receive renewal notices by email when the time comes. Once you have gone through their process to get the new certificate, you must install it properly. The instructions that follow assume you have your new certificate loaded into your web browser.

  1. From your browser, save your certificate in PKCS12 format with a .p12 extension
  2. Copy the .p12 file to a CSL machine
  3. Extract the public user certificate:
    openssl pkcs12 -in <CERT_P12_FILE> -clcerts -nokeys -out $HOME/.globus/usercert.pem
  4. Extract the private user key:
    openssl pkcs12 -in <CERT_P12_FILE> -nocerts -out $HOME/.globus/userkey.pem
  5. Set permissions as appropriate:
    chmod 0644 $HOME/.globus/usercert.pem
    chmod 0400 $HOME/.globus/userkey.pem
  6. Copy the usercert.pem and userkey.pem files to other machines as needed