Project

General

Profile

Get a certificate proxy » History » Version 5

Gianluca Petrillo, 12/21/2017 04:40 PM

1 2 Gianluca Petrillo
h1. Get a SBND certificate and proxy
2 2 Gianluca Petrillo
3 5 Gianluca Petrillo
bq. Note: this page is about certificates and proxies to access grid resources. For "personal" certificates to access DocDB and web-based resources, you want a [[Setting up access with CILogon certificate|CILogon certificate]] instead.
4 5 Gianluca Petrillo
5 2 Gianluca Petrillo
h2. Virtual Organization membership
6 2 Gianluca Petrillo
7 2 Gianluca Petrillo
First, you need to be registered in the proper Virtual Organization, which in our case is a unsurprising @sbnd@.
8 2 Gianluca Petrillo
You can play some _roles_ in the organisation, and you need to choose which one to wear when getting a certificate proxy. Examples of roles are @Analysis@ (which you should pick if unsure) and @Production@.
9 2 Gianluca Petrillo
10 2 Gianluca Petrillo
You can check your status by pointing your browser to Fermilab VOMS server at https://voms.fnal.gov:8443/voms/fermilab/user/home.action . You will be required to present a certificate (the [[Setting up access with CILogon certificate|CILogon certificate]] is good enough for this), and from it the server will know who you are and will tell what you can do.
11 2 Gianluca Petrillo
12 3 Gianluca Petrillo
If you don't get the expected result (e.g., you are not listed in the @fermilab/sbnd@ group or you need to play a different role), [[Computing resources#Opening-a-ticket-in-Fermilab-Service-Desk|request the change via service desk]].
13 3 Gianluca Petrillo
14 2 Gianluca Petrillo
h2. Get the proxy
15 1 Gianluca Petrillo
16 1 Gianluca Petrillo
The ritual for getting the certificate and proxy goes like this:
17 1 Gianluca Petrillo
<pre>kinit "${USER}@FNAL.GOV"                                                     # get your Kerberos authentication
18 4 Gianluca Petrillo
setup cigetcert                                                              # (if not already there)
19 4 Gianluca Petrillo
cigetcert -s 'fifebatch.fnal.gov'                                            # ask for a certificate
20 1 Gianluca Petrillo
voms-proxy-init -noregen -rfc -voms 'fermilab:/fermilab/sbnd/Role=Analysis'  # create a "proxy" from the certificate</pre>
21 1 Gianluca Petrillo
The last line of the output from this sequence should look something like:
22 1 Gianluca Petrillo
<pre>Your proxy is valid until Tue Sep 27 01:49:24 2016</pre>
23 1 Gianluca Petrillo
where the date is 24 hours in the future.
24 1 Gianluca Petrillo
This "proxy" is what we need to get our job done.
25 4 Gianluca Petrillo
The command <pre>voms-proxy-info -all</pre> will tell you more than you want to know about your current certificate.