VDT logo
Search:

(Powered by Google)

Note: This version of the VDT (1.10.1) is supported, but is not our latest stable release. The current stable release is 2.0.0.

Post-install Configuration

Congratulations! You've installed the VDT. That wasn't so hard now, was it? If it was, please let us know. We're always working to make the VDT easier to install and your feedback is essential.

Post-installation steps for clients

Get a user certificate

Before you can submit a job or do many other actions on the grid, you need to have a user certificate. There is no single set of directions for getting a certificate, because you need to apply for a certificate from an appropriate certificate authority. Many of the US-based users of the VDT will get a certificate from DOEGrids CA, perhaps using the OSG registration authority, but there will be many exceptions to this. Because there is no single process to get a user certificate, we cannot provide further guidance, but hopefully it will be clear from the project you are involved with.

Your certificate is normally installed in your home directory, in a subdirectory called .globus. There are two files: one for the public certificate (usercert.pem) and one for the private key (userkey.pem). For example: 

> ls -l ~/.globus
total 80
-rw-r--r--    1 roy      roy          1700 Sep  7  2007 usercert.pem
-rw-------    1 roy      roy          1906 Sep  7  2007 userkey.pem

Note that the permissions on usercert.pem are world-readable. This is safe because it is your public certificate. Note that the userkey.pem is only readable by the user. This is essential: if someone ever gets access to your key, then can impersonate you, so it must be kept private.

Please note: If someone else ever gets access to your userkey.pem, or if you suspect that they might have, you should consider your key to be compromised and you should have your certificate revoked.

The user certificate and key files describe above are PEM-encoded files. You will often get these from your CA packaged together as a p12 file, and you can extract them like this: (assuming your file is named cert.p12) 

openssl pkcs12 -in cert.p12 -clcerts -nokeys -out ~/.globus/usercert.pem
openssl pkcs12 -in cert.p12 -nocerts -out ~/.globus/userkey.pem