EnderUNIX İpucuArkadaşıma gönder , Ana Sayfa
[ Shell Scripting ]
"How to extract userkey.pem and usercert.pem from your certificate" - N. Ersen SISECI - (2009-08-10 18:09:42) 
Usually X.509 Certificates are downloaded using a browser and managed by the browser itself. Anyway it is possible to export your certificate in a file PKCS12 (which will probably have the extension .p12 or .pfx).
The procedure to export the certificate vary from browser to browser, for example Internet Explorer starts with "Tools − > Internet Options − > Content"; Netscape Communicator has a "Security" button on the top menu bar; Mozilla starts with "Edit − > Preferences − > Privacy and Security − > Certificates" and Firefox has "Edit − > Preferences − > Advanced − > Certificates − > manage certificates − > backup".
Unfortunately PKCS12 format is not accepted by Globus security infrastructure, but you can easily convert it into the supported standard (PEM). This operation will split your *.p12 file in two files:
the certificate (usercert.pm) and the private key (userkey.pm). The conversion can be performed with openssl tool:
$ openssl pkcs12 -nocerts -in mycert.p12 -out userkey.pem
$ openssl pkcs12 -clcerts -nokeys -in mycert.p12 -out usercert.pem
to removing private key's password
$ openssl rsa -in userkey.pem -out userkey2.pem
$ chmod 0400 userkey.pem
$ chmod 0400 userkey2.pem
$ chmod 0600 usercert.pem
Permission must be set as shown not only for security reasons: voms-proxy-init and grid-proxy-init commands will fail if your private key is not protected as listed above.
Arkadaşıma gönder , Ana Sayfa