Personal certificates

Access to certains CNRS services, as well as access to the resources of the computing grid, requires a valid certificate. A CNRS staff member may obtain and manage a personal certificate through the Management of Janus user accounts.

Attention

The delivery of a CNRS personal certificate depends directly on the domain name associated with the e-mail used. If the domain name is not attached to CNRS, you will need to contact the supervisory body managing the domain name.

Convert a certificate

Conversion from PKCS12 to PEM

To get the private key in the file ~user/.globus/userkey.pem:

% openssl pkcs12 -nocerts -in cert.p12 -out ~user/.globus/userkey.pem

To get the certificate in the file ~user/.globus/usercert.pem:

% openssl pkcs12 -clcerts  -nokeys -in cert.p12 -out ~user/.globus/usercert.pem

Note

By convention, when authenticating to a computing grid, the command that generates the grid certificate looks for the private key in the ~user/.globus/ directory.

Check (and change) file modes:

% chmod 0600 userkey.pem

% chmod 0644 usercert.pem

Use te openssl command to read the content of a certificate:

% openssl x509 -text -noout -in usercert.pem

Conversion from PEM to PKCS12

If the certificate can be found in usercert.pem and if the private key can be found in userkey.pem, it is possible to generate a PKCS13 file named certif.p12 from these two files using the following command:

% openssl pkcs12 -export -out certif.p12 -inkey userkey.pem -in usercert.pem