Project

General

Profile

Request OSG Production Service Certificate

General Fermilab instructions can be found here

The procedure outlined in the above link, specialized for microboone, is summarized below.

Generate key

Run this command to generate your service key for service uboonepro/uboonegpvm01.fnal.gov (the node name can be any valid node):

umask 077; openssl req -new -newkey rsa:2048 -nodes -keyout ubooneprokey.pem -subj "/CN=uboonepro\/uboonegpvm01.fnal.gov" 

This command will create a file called "ubooneprokey.pem", which is only readable by the owner. It will also generate a bunch of gibberish text.

Request OSG Certificate

Cut and paste the gibberish text into the OSG certificate request form. Choose "Fermilab" as the approving VO, agree to the terms, and click "Submit."

Download OSG Certificate

Within about one day, you should receive an e-mail with instructions on how to download the certificate you requested. Download the certificate file and rename it as ubooneprocert.pem.

Extract information from certificate

Run the following commands to extract the DN and expiration date from the certificate. Update the results in this wiki article below.

$ openssl x509 -in ubooneprocert.pem -noout -subject
subject= /DC=org/DC=opensciencegrid/O=Open Science Grid/OU=Services/CN=uboonepro/uboonegpvm01.fnal.gov
$ openssl x509 -in ubooneprocert.pem -noout -enddate
notAfter=Apr 29 22:02:07 2017 GMT

Test DN

Make sure the DN contained in the certificate is valid. Use this command:

voms-proxy-init -rfc -key ./ubooneprokey.pem -cert ./ubooneprocert.pem -valid 48:0 -voms fermilab:/fermilab/uboone/Role=Production -out proxy_file

If the above command fails (returns "User unknown to this VO"), open a service desk ticket to request that your cert's DN be registered in the fermilab/uboone VO. The DN is the line of text that starts with "subject=" from the above openssl command.

Install certificate.

Open service desk ticket to request installation of your key and certificate on the fifebatch batch servers.