Annuaire IPHC

DRS | Recherche au DRS » Du Big Bang aux particules » CMS » Internal use » Procédures d’enregistrement » Enregistrement sur la grille

Enregistrement sur la grille

Dernière mise à jour : mercredi 11 mai 2022, par Daniel Bloch

If you work at IPHC : First registration

1. Go to see Yannick Patois who will ask for your recording on the grid certificate data base

eventually (but very boring), you can also have a look here, specifying IReS for our lab... (not IPHC)
and with some even more informations here,
but anyway go to Yannick

2. Once it is done (Yannick will tell you) :

use firefox on a UI :
/libcern/firefox/68.0esr/firefox/firefox —no-remote -P

go to the link :
https://pub-ee-grid.pncn.education.gouv.fr/EE/csr-fh.cgi
(eventually have a look here

create a new profile :
on your profile, check for the version of firefox :
firefox->Menu(Top-right)->Help-> about firefox
if < 68 == good, else : see Yannick...

fill the certificate :
"personnels" everywhere
— > Highgrade

save the information of the certificate, then follow the instructions below

If you work at CERN : to get a CERN certificate

The best is to folllow the CMS workbook.

To renew a LCG certificate :

Not trivial because the procedure only works on an old Firefox version ...
Two possibilities :

1. Either from a PC with an old Firefox version :

go to the web page you got by mail,

open a new Mozilla Firefox window, then click on :
"Firefox", then "Preferences",
then on the left side menu "Vie privée et Sécurité"
and in the very bottom "Affichez les certificats" and "Vos certificats"

import the new certificatet (in .p12 mode),

you can then export it in a directory of the PC

keep in mind the password !

and then transfer it on your laptop (even if you have a recent Firefox version).

2. Or from your laptop (but it may be slow) :
login on sbgui6, then type :
firefox —no-remote &

go to the web page you got by mail,

follow the procedure to get the new certificate,

click on the new certificate at the very bottom of the page,

save it on the Firefox navigator on sbgui6,

open a new Firefox page and show the certificates :

about:preferences#privacy

export the certificat in .p12 mode in a directory on sbgui6

keep in mind the password !

and then transfer it on your laptop

on your laptop :
open a new Mozilla Firefox window, then click on :
"Firefox", then "Preferences",
then on the left side menu "Vie privée et Sécurité"
and in the very bottom "Affichez les certificats" and "Vos certificats"

import the new certificate : ouf !

To save your certificate on linux (mandatory !) :

on a UI, go in the linux directory where the certificate was exported (for instance with the name : cert.p12), then :

openssl pkcs12 -in nom-du-cert.p12 -clcerts -nokeys -out usercert.pem
openssl pkcs12 -in nom-du-cert.p12 -nocerts -out userkey.pem

and give the password as requested,

copy the .pem files in your .globus on your server (lxplus, sbgli5, ...) and protect it :

cd 
chmod -R og-rwx .globus
chmod -x .globus/*
chmod 400 .globus/userkey.pem
ls -ld .globus (=> must be rwx for yourself alone)
ls -ld .globus/* (=> the .pem must be in rw for yourself alone)

to check if it works : do a voms-proxy-init
and give the password as requested

To register on the CMS VO : follow the instructions

if you have already a LCG certificate, start from the step 3 and specifiy : /cms/Role=cmsuser

once it is done and if you have troubles with your id, see here