You've got your personal certificate, right?
You'll need a minimum of three host/service certificates to run a Compute Element (CE) resource: host, http, and rsv. There are two methods for requesting these certificates: the OIM Certificate web site or the OSG PKI command-line tools.
Method 1: Web Interface
- Web Browser with your personal certificate
- Linux or MacOS X system with openssl command
Create a directory in which to temporarily store your keys and certificates.
Go to the OIM Certificate Service and click the Login link at the top right.
Under HOST CERTIFICATES in the left navigation column, click RequestNew.
Open a Terminal window on your system and generate 3 Certificate Signing Requests (CSRs)
openssl req -new -newkey rsa:2048 -nodes -keyout hostkey.pem -out hostcsr.pem -subj "/CN=osg-ce.example.edu"
openssl req -new -newkey rsa:2048 -nodes -keyout httpkey.pem -out httpcsr.pem -subj "/CN=http\/osg-ce.example.edu"
openssl req -new -newkey rsa:2048 -nodes -keyout rsvkey.pem -out rsvcsr.pem -subj "/CN=rsv\/osg-ce.example.edu"
Read the OSG Policy Agreement and click I AGREE if you agree to the terms.
Click Submit. You will receive confirmation e-mails for the submission and approval/issuance of your certificates.
When your certificates are issued, you can return to the OIM Certificate Service and click My Requests under HOST CERTIFICATES. Right-click each of the links to the certificates to download them to your ~/osgcerts directory. Match the certificate name to the key name. E.g., hostcert.pem to hostkey.pem, etc.
The certificate/key pairs are installed under /etc/grid-security/. Assuming your RSV user is rsvuser,
mkdir --mode=755 /etc/grid-security/http /etc/grid-security/rsv
install -m 444 -o root -g root hostcert.pem /etc/grid-security/hostcert.pem
install -m 400 -o root -g root hostkey.pem /etc/grid-security/hostkey.pem
install -m 444 -o tomcat -g tomcat httpcert.pem /etc/grid-security/http/httpcert.pem
install -m 400 -o tomcat -g tomcat httpkey.pem /etc/grid-security/http/httpkey.pem
install -m 444 -o rsvuser -g rsvuser rsvcert.pem /etc/grid-security/rsv/rsvcert.pem
install -m 400 -o rsvuser -g rsvuser rsvkey.pem /etc/grid-security/rsv/rsvkey.pem
Method 2: Command Line
The OSG Host/Service Certificates documentation demonstrates the installation of the tools used to generate and submit CSRs from the command line.