Personal certificates from CERN
A personal certificate consists of a pair of files: the private key (userkey.pem); and the certificate itself, containing the public key (usercert.pem). To obtain a certificate, a request has to be made to a Certification Authority recognized by WLCG.
How to get a personal certificate from CERN
The screenshots included below are out of date, but the current (2016) CERN pages
https://ca.cern.ch/ca
are reasonably self-explanatory. If you have problems in obtaining a personal certificate from CERN CA, you should contact CERN help desk (
http://information-technology.web.cern.ch/help
), not CMS. They will have up-to-date help instructions for you. This twiki may also be of assistance:
https://twiki.cern.ch/twiki/bin/view/CMSPublic/WorkBookStartingGrid#BasicGrid
These points may help with the procedure, so please read through them first:
Instructions
- The preferred browser is Firefox (Mozilla); point it to https://ca.cern.ch/ca/ . Click on "New User Certificate". screenshot
- The next page requires you to sign in with your CERN account, if you have not yet done so. screenshot
- On the next page, the Certification Authority requires Identity Verification by entering your account password and birth date, then click "Next". screenshot
- The resulting page may ask you to verify that your browser has the CERN Root Certificate installed. To verify this, see the middle part of the instructions at https://ca.cern.ch/ca/Help/?kbid=040110
If the Root certificate is not installed, please click on "install" and follow the instructions.
Otherwise, choose the default Key Strength (High Grade), then click on "Submit". A small window will appear saying something like "Key generation in progress". screenshot
- The next page should show "Your new certificate is ready". Click on "Download this certificate".
A small alert window will appear saying "Your personal certificate has been installed. You should keep a backup copy of this certificate." Click "OK". screenshot
- Verify that your new CERN personal certificate is installed in your browser, by following the first part of the instructions (before the "Backup" step) at
https://ca.cern.ch/ca/Help/?kbid=040111
I see it under "Your certificates":
Certificate Name = CERN Trusted Certification Authority Robert Snihur
Security Device = Software Security Device
Serial Number = xxxx
Expires on = 08/22/2013
- Follow the instructions for how to use your certificate with grid-proxy-init. This procedure will also create a backup, requiring you to choose a backup password. https://ca.cern.ch/ca/Help/?kbid=024010

--
RobSnihur - 25-Oct-2012