Open Science Grid (OSG) Certificate for TRANSP Production
(known as FusionGrid Certificate)
DOEGrids CA/ FusionGrid CA is transitioning certificate issuance to a new service managed by the Open Science Grid (OSG) Information Management (OIM) in March 2013.
OIM does not support a "myproxy" server, since it does not comply with IGTF policies.
So Certificates will be stored on your computer in $HOME/.globus instead of the cert.fusiongrid.org server.
In essence it is working like the old DOEGrid certificates.
I. To Request a OSG Certificate:
- Go to:
- Fill in Form:
- Be sure to enter a valid email adddress
(the Certifacate is based on this email address)
- Remember the password - you need it later to issue the Certificate.
- Under "Sponsor"
- Select "FusionGrid" as your "Virtual Organization"
- Select a Sponsor, the person who will help you with TRANSP.
Do not select at random.
The Sponsor must know you.
If he/she is not on the list, select "Manually Specify".
- Click "Submit"
- Browser will popup a new display with your "DN".
You can ignore this. Just close/exit the page.
- Once the Request is approved
- you will get an email from:
"OSG Development FootPrints"
containing an URL to click on.
- On URL from email
- Enter Password - the same you used on the Application
- Click on "Issue Certificate"
- Click on "Download Certificate & Private Key (PKCS12)"
- Save "PKCS12" (user_certificate_and_key.U*.p12) file on your Desktop, the one where your browser is running on.
- In the Download Popup Window click on "Save File", NOT on "Open".
- Import Certificate (.p12 file) into your browser - you will need it next year for renewal.
- Click on Instructions:
How to import user certificate on your browser
- Copy the .p12 file from your Desktop to the computer, from where you are submitting transp runs.
- Extract cert.pem, key.pem files from .p12 file and copy into $HOME/.globus/
To submit Transp runs, the extracted .pem files must be copied into your $HOME/.globus/ directory on the node where you are submitting your TRANSP runs - NOT on your Desktop.
- For instructions on how to extract cert & key files from .p12 click:
How to import user certificate for command line use (grid-proxy-init)
- You have to enter the Password again for both files, the cert.pem end the key.pem.
- When extracting the key, you also have to provide a "PEM pass phrase"
you can keep the same or enter a different one
- If you don't have a $HOME/.globus directory, create one:
- MAC Users: Be sure not to get entagled in Keychain Access.
- Register your x509 Certificate with OIM
Go to OIM
You will see "Register" link at the top right corner of the page.
For details see OIM User Guide
II. To authenticate with the new Certificate:
- grid-proxy-init -hours 264
Do NOT use "fglogin", which connects to the obsolete myproxy server.
- To check status: grid-proxy-info (same as before)
Importing User Certificate for Command Line Use
OIM User Guide
OSG User Certificates
To submit Ticket to Grid Operations Center (GOC)
To get Signing Certificates
OSG CA Transition 2012