Project

General

Profile

Get a certificate proxy » History » Version 5

« Previous - Version 5/8 (diff) - Next » - Current version
Gianluca Petrillo, 12/21/2017 04:40 PM


Get a SBND certificate and proxy

Note: this page is about certificates and proxies to access grid resources. For "personal" certificates to access DocDB and web-based resources, you want a CILogon certificate instead.

Virtual Organization membership

First, you need to be registered in the proper Virtual Organization, which in our case is a unsurprising sbnd.
You can play some roles in the organisation, and you need to choose which one to wear when getting a certificate proxy. Examples of roles are Analysis (which you should pick if unsure) and Production.

You can check your status by pointing your browser to Fermilab VOMS server at https://voms.fnal.gov:8443/voms/fermilab/user/home.action . You will be required to present a certificate (the CILogon certificate is good enough for this), and from it the server will know who you are and will tell what you can do.

If you don't get the expected result (e.g., you are not listed in the fermilab/sbnd group or you need to play a different role), request the change via service desk.

Get the proxy

The ritual for getting the certificate and proxy goes like this:

kinit "${USER}@FNAL.GOV"                                                     # get your Kerberos authentication
setup cigetcert                                                              # (if not already there)
cigetcert -s 'fifebatch.fnal.gov'                                            # ask for a certificate
voms-proxy-init -noregen -rfc -voms 'fermilab:/fermilab/sbnd/Role=Analysis'  # create a "proxy" from the certificate

The last line of the output from this sequence should look something like:
Your proxy is valid until Tue Sep 27 01:49:24 2016

where the date is 24 hours in the future.
This "proxy" is what we need to get our job done.
The command
voms-proxy-info -all
will tell you more than you want to know about your current certificate.