EnderUNIX Team.


EnderUNIX İpucu

Arkadaşıma gönder , Ana Sayfa

[ Shell Scripting ]

"How to extract userkey.pem and usercert.pem from your certificate" - N. Ersen SISECI - (2009-08-10 18:09:42)   [13533]

Usually X.509 Certificates are downloaded using a browser and managed by the browser itself. Anyway it is possible to export your certificate in a file PKCS12 (which will probably have the extension .p12 or .pfx).

The procedure to export the certificate vary from browser to browser, for example Internet Explorer starts with "Tools − > Internet Options − > Content"; Netscape Communicator has a "Security" button on the top menu bar; Mozilla starts with "Edit − > Preferences − > Privacy and Security − > Certificates" and Firefox has "Edit − > Preferences − > Advanced − > Certificates − > manage certificates − > backup".

Unfortunately PKCS12 format is not accepted by Globus security infrastructure, but you can easily convert it into the supported standard (PEM). This operation will split your *.p12 file in two files:

the certificate (usercert.pm) and the private key (userkey.pm). The conversion can be performed with openssl tool:

$ openssl pkcs12 -nocerts -in mycert.p12 -out userkey.pem
$ openssl pkcs12 -clcerts -nokeys -in mycert.p12 -out usercert.pem
to removing private key's password
$ openssl rsa -in userkey.pem -out userkey2.pem
$ chmod 0400 userkey.pem
$ chmod 0400 userkey2.pem
$ chmod 0600 usercert.pem

Permission must be set as shown not only for security reasons: voms-proxy-init and grid-proxy-init commands will fail if your private key is not protected as listed above.

Source: http://lists.grid.sinica.edu.tw/apwiki/How_to_extract_userkey.pem_and_usercert.pem_from_your_certificate


Arkadaşıma gönder , Ana Sayfa