Getting started with the Grid certificate

Obtaining a grid certificate is an analysis topic by itself. If you pass this step, you can be good in analysis of ATLAS data.

Certificates are issued by the Open Science Grid (OSG) (since 2013). Look at there WEB site: https://oim.grid.iu.edu/oim/home and click “request certificate”. AT ANL, there is a person who will contact you and ask you send identification info (like ANL badge). Then you will receive a notification and you can load the certificate to your browser and export it as p12 file. You also should request ATLAS VO membership,

Setting up Grid Certificates

In Firefox, just go to “Preferences”-“Edit”-“Advanced”-“View Certificates”. Click on most recent one (with expiration 1 year from the time when you have got email) and click “Backup”. Type file name with the extension pt12. You'll be asked to create a password for the certificate. DO NOT FORGET IT!

The first time you need to use your certificate, you'll have to run these commands

  openssl pkcs12 -in  YourCert.p12 -clcerts -nokeys -out $HOME/.globus/usercert.pem
  openssl pkcs12 -in YourCert.p12 -nocerts -out $HOME/.globus/userkey.pem

You will be asked several times for the password. Use the same as that when you made backup copy.

Then do:

chmod 400  $HOME/.globus/userkey.pem
chmod 444  $HOME/.globus/usercert.pem

You can test that the certificate is working correctly by typing “grid-proxy-init”. The command “voms-proxy-init -voms atlas” will not work yet, since you have register again with VO ATLAS (even if you was already VO member - it seems DOE GRID re-registration resets your VO membership! (at least for me, S.C.)

If you are already a member of ATLAS, then you just need to join the Virtual Organization. The instructions can be found here http://www.usatlas.bnl.gov/twiki/bin/view/Support/HowToAtlasVO. Note that even if you were a member and you need just renew this, this is totally different step from DOE grid certificate renewal. You need to select one of the collaborators. For example, Robert Gardner, from UChicago (closest Tier2).

Follow the instructions on that page exactly. When you get to the set where it redirects you to https://lcg-voms.cern.ch:8443/vo/atlas/vomrs you should be using the same browser that you imported the DOE grid certificate or you'll need to import your certificate to the browser you want to use. You can check that it is setup correctly by looking in the bottom left corner and looking for your name.

You will be a candidate until they approve you and then you'll need to go back to https://lcg-voms.cern.ch:8443/vo/atlas/vomrs and complete the phase II registration. Again, follow the instructions on this page http://www.usatlas.bnl.gov/twiki/bin/view/Support/HowToAtlasVO .

Your grid will work only when you will get the email (usually takes 1-3 days):

Dear VO Member,
The membership status has been changed from New to Approved due to the following reason: Approved for your VOMRS atlas account with primary certificate:
DN: /DC=org/DC=doegrids/OU=People/CN=Name   XXXXX
CA: /DC=org/DC=DOEGrids/OU=Certificate Authorities/CN=DOEGrids CA 1
Please contact VO administrator if you have any questions.

Sergei Chekanov 2013/10/23 10:31