How to become an XRAY user?
The following steps are necessary to become a XRAY user:
- Get a user certificate
- Apply for using resources at one VO
- Apply for an user account over an user interface (UI)
- Install your certificate on the UI
- Create a proxy certificate from the UI
1. Get a user certificate
In order to authenticate himself to Grid resources, a user needs to have a digital X.509 certificate issued by a Certification Authority (CA) trusted by WLCG/EGEE; Grid resources are generally also issued with certificates to allow them to authenticate themselves to users and other services.
To obtain a valid certificate contact the appropriate certification authority (map, text) and follow the instructions.
In France, CRNS is the responsible for dispatching valid certificate through his GRID2-FR sub Certification Authority.
The user certificate, whose private key is protected by a password, is used to generate and sign a temporary certificate, called a proxy certificate (or simply a proxy), which is used for the actual authentication to Grid services and does not need a password. As possession of a proxy certificate is a proof of identity, the file containing it must be readable only by the user, and a proxy has, by default, a short lifetime (typically 12 hours) to reduce security risks if it should be stolen.
2. Apply for using resources at one VO
The second step is apply to one VO. Search the list of existing virtual organizations on the CIC Portal to find one appropriate for you. Each entry contains contact information. The enrollment process usually takes a couple of days for verifications.
To become an XRAY user you must contact directly our Virtual Organization Membership Service (XRAY VOMS)
3. Apply for an user account over an user interface (UI)
Next step should be obtain an account on a machine which has the WLCG/EGEE User Interface (UI) software installed. If you want to use ESRF User Interface, please send a mail to grid-admin(at)esrf.fr or you can also call Hotline at +33 (0)476 88 24 24 between 09h00 - 11h45 and 12h45 - 17h00 (during working days).
4. Install your certificate on the UI
After you have an user account on a UI machine you must install your X.509 user certificate under your home directory on this server.
Follow the next steps to do this:
1. Export the certificate that you have previously get at the step 1, and that is installed under your browser.
ex 1.
Under your firefox browser go to:
* Edit-> Preferences-> Advanced-> Encryption-> View certificates
Select the certificate
Press backup
Type your pem_passphrase
Save your certificate as your_certificate.p12
2. Copy this certificate to your home directory under your UI server.
ex 1.
ftp <ui_server_name>
user: (type your user name)
pass: (type your passord)
> bin
> hash
> put <your_x509_user_certificate>
########################
ex 2.
# scp <your_x509_user_certificate> user@<ui_server_name>:
Scientific Linux CERN SLC release 4.7 (Beryllium)
calvelov@grid-ui01's password: (type your password)
<x509_user_certificate> 100% 10KB 9.9KB/s 00:00
3. Split your X.509 certificate into the public key and the private key.
openssl pkcs12 -in your_certificate.p12 -clcerts -nokeys -out usercert.pem
Enter Import Password: (Give the passphrase if any)
MAC verified OK
openssl pkcs12 -in your_certificate.p12 -nocerts -out userkey.pem
Enter Import Password: (Give the passphrase if any)
MAC verified OK
4. Adjust the directory structure and permissions on the UI
[user@UI ~]# mkdir ~/.globus
[user@UI ~]# cp usercert.pem ~/.globus
[user@UI ~]# cp userkey.pem ~/.globus
[user@UI ~]# chmod 400 ~/.globus/userkey.pem
[user@UI ~]# chmod 444 ~/.globus/usercert.pem
5. Create a proxy certificate from the UI
From your user interface generate a valid user proxy certificate to contact and use all the resources available inside the VO
[user@UI ~]# voms-proxy-init -voms xray.vo.eu-egee.org