r4 - 19 Dec 2005 - 16:56:50 - JohnHoverYou are here: TWiki >  Support Web > ServiceCert

Aquiring a Service Certificate ( for Developers )

  • 1. Be sure you have a DOEgrids-issued User certificate and that User certificate is loaded into your browser. See here if you need help with this.

  • 3. Log into gridui01.usatlas.bnl.gov. Run doegrids-cert-request providing -host <full-hostname> -service <servicename> arguments. This will generate a <service>cert_request.pem file. Note that this process also generates a <servicename>key.pem file. Keep this (i.e.copy it, usually renamed to hostkey.pem) as you will need it later on your service host. Keep this file non-world-readable as it is the key.

  • 4. Copy the ----BEGIN CERTIFICATE REQUEST'---- section of the file into the browser window at https://pki1.doegrids.org/ under the 'Grid or SSL Server' section under the 'Enrollment' tab.

  • 5. Fill out the rest of the information. The only difference between this and a host cert request is that in addition to specifying the hostname, the service name should be prepended e.g. CN=service1/host.at.bnl.gov . Note that it remains up to the programmer to verify the service name and hostname within their application ( in addition to noting that it is a valid cert).

  • 6. Retrieve the issued certificate after recieving e-mail notification from doegrids.org. Follow the link in the notification. The section you want is 'Base 64 encoded certificate'. Cut and paste this section, including ------BEGIN CERTIFICATE----- and -----END CERTIFICATE----- into a file hostcert.pem.

  • 7. Place the hostcert.pem and hostkey.pem within your application. Be sure that permissions are set so that the hostkey.pem file is only readable by your service account.

About This Site

Please note that this site is a content mirror of the BNL US ATLAS TWiki. To edit the content of this page, click the Edit this page button at the top of the page and log in with your US ATLAS computing account name and password.


Attachments

 
Powered by TWiki
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback