|
|
EnderUNIX İpucuArkadaşıma gönder , Ana Sayfa[ Shell Scripting ] "How to extract userkey.pem and usercert.pem from your certificate" - N. Ersen SISECI - (2009-08-10 18:09:42) [11758] Usually X.509 Certificates are downloaded using a browser and managed by the browser itself. Anyway it is possible to export your certificate in a file PKCS12 (which will probably have the extension .p12 or .pfx). The procedure to export the certificate vary from browser to browser, for example Internet Explorer starts with "Tools − > Internet Options − > Content"; Netscape Communicator has a "Security" button on the top menu bar; Mozilla starts with "Edit − > Preferences − > Privacy and Security − > Certificates" and Firefox has "Edit − > Preferences − > Advanced − > Certificates − > manage certificates − > backup". Unfortunately PKCS12 format is not accepted by Globus security infrastructure, but you can easily convert it into the supported standard (PEM). This operation will split your *.p12 file in two files: the certificate (usercert.pm) and the private key (userkey.pm). The conversion can be performed with openssl tool: $ openssl pkcs12 -nocerts -in mycert.p12 -out userkey.pem $ openssl pkcs12 -clcerts -nokeys -in mycert.p12 -out usercert.pem to removing private key's password $ openssl rsa -in userkey.pem -out userkey2.pem $ chmod 0400 userkey.pem $ chmod 0400 userkey2.pem $ chmod 0600 usercert.pem Permission must be set as shown not only for security reasons: voms-proxy-init and grid-proxy-init commands will fail if your private key is not protected as listed above. Source: http://lists.grid.sinica.edu.tw/apwiki/How_to_extract_userkey.pem_and_usercert.pem_from_your_certificate Arkadaşıma gönder , Ana Sayfa |
|