If given an encoded tarball use the following command
openssl aes-256-cbc -d -in filename.tgz.enc | tar zxf -
In the case of a Robotic Certificate, a password on the key will stop programs which use it so the password must be removed. Just use:
openssl rsa -in password-keyfile.pem -out passwordless-keyfile.pem
It will ask for the password on the old file, and you can skip entering one for the new file.
openssl x509
is for pem-formatted certificatesopenssl rsa
is for key files
I've typically had to update the local copy of our CA certificate folder by grabbing the one at CERN:
lxplus.cern.ch:/etc/grid-security/certificates
and copying it locally. Otherwise you get errors from voms-proxy-init
.
To test the robotic key/cert you can do the following:
voms-proxy-init --cert </path/to/cert.pem> --key </path/to/key.pem> --certdir </path/to/certificates> -verify