Certificate F.A.Q.
It is recommended to do it with FIREFOX
Even if you only want to use the DIRAC portal, you must go through all the steps below
Get a certificate
There are two ways to get a certificate:- Through CERN.
- This should be easier. But for this your CERN account cannot be "external" (you need to be in the "USER" group, "PART" is not enough). This means that for new users they need to either show up at the User's Office to fully register, or they should opt for option 2.
- Request a new certificate at https://ca.cern.ch/ca
- Through a Certification Authority (CA) of your home country. (you can find it at http://wlcg.web.cern.ch/getting-started/certificates )
Renew a certificate
Renewing really means requesting a new certificate.- You will have two valid certificates for a brief period. That's ok.
- CERN certificates can be requested at https://ca.cern.ch/ca
- You do not have to re-sign the Virtual Organisation (VO) terms and agreements (they can also expire, but independently from the certificate).
Export the certificate to your browser
Once you got your certificate you should export it. It can then be uploaded to other browser(s) and copied to lxplus for grid usage. Details and screenshots can be found in the Help Contents at https://ca.cern.ch/ca/Help/.
Note: if you have finished all the steps, and access the Dirac page with browser, make sure that your link starts with https instead of http. Find the Dirac link through google will give you the http one, from which you will have "Error Notification: Operation failed. Not a registered user".
Convert the certificate for grid usage
Once you exported your certificate transfer the p12-file to your LXPLUS home directory. Now use the command below to have your certificate properly installed in your .globus directory.lb-dirac dirac-cert-convert MyFile.p12Make sure that you pass phrase is not empty nor shorter than 6 characters If you want to do this step manually, you should convert the certificate obtained above into one usable for the Grid, following instructions in https://ca.cern.ch/ca/Help/?kbid=023010
. Slides 15 to 17 of the presentation show some screenshots of the procedure.
Join the LHCb Virtual Organisation
In order to be able to use your certificate for submitting jobs to the DIRAC system you need to join the LHCb Virtual Organisation (VO). To do this go to the web page https://lcg-voms2.cern.ch:8443/voms/lhcb, follow the instructions to join as explained here: https://cern.service-now.com/service-portal?id=kb_article&n=KB0003002 . You then have to wait for this to be approved (confirmation sent by mail).
: If you get the message "you are already registered, please send a mail to project-lcg-vo-lhcb-admin- at -cern.ch and ask to be remove from the VO to continue the registration.
Sign the "Grid Acceptable Use Policy" (aka AUP)
This may be done via the VOMS portal at https://lcg-voms2.cern.ch:8443/voms/lhcb/aup/load.action even if already done.
Using the certificate
After obtaining a certificate for the first time, you should upload a proxy to DIRAC, using (on lxplus) the commands:lhcb-proxy-initDIRAC will remind you periodically (currently once a year), by sending you a mail whose subject is "Your proxy uploaded to DIRAC will expire in xx days", when you need to upload a new proxy. Your proxy is necessary for accessing the bookkeeping, and of course for submitting jobs on the Grid. Once you have installed your certificate (e.g. on lxplus), get a proxy (which has a limited validity) using the
lhcb-proxy-init command.
More information with lhcb-proxy-init -h (e.g. for setting a non-default validity)
Be aware that it might take about 24 hours after your Virtual Organisation membership has been approved before this works.
Troubleshooting
Operation failed: Not a registered user. Check iflhcb-proxy-init works on lxplus and that your certificate is installed in your browser.
If you have any anti-virus software installed ensure any scanning of HTTPS connections is disabled as this breaks the secure connection between your certificate and the LHCbDIRAC webserver.
You can check if your connection is being intercepted by viewing the SSL certificate (search for " how to view ssl certificate NAME-OF-BROWSER").
The certificate should be signed by the "CERN Grid Certification Authority" however some anti-virus programs will replace it with their own certificate. Topic revision: r41 - 2023-01-24 - ChristopheHaen
LHCb/FAQ Web
Create New Topic
Index
Search
Changes
Notifications
Statistics
Preferences
- ABATBEA
- ACPP
- ADCgroup
- AEGIS
- AfricaMap
- AgileInfrastructure
- ALICE
- AliceEbyE
- AliceSPD
- AliceSSD
- AliceTOF
- AliFemto
- ALPHA
- Altair
- ArdaGrid
- ASACUSA
- AthenaFCalTBAna
- Atlas
- AtlasLBNL
- AXIALPET
- CAE
- CALICE
- CDS
- CENF
- CERNSearch
- CLIC
- Cloud
- CloudServices
- CMS
- Controls
- CTA
- CvmFS
- DB
- DefaultWeb
- DESgroup
- DPHEP
- DM-LHC
- DSSGroup
- EGEE
- EgeePtf
- ELFms
- EMI
- ETICS
- FIOgroup
- FlukaTeam
- Frontier
- Gaudi
- GeneratorServices
- GuidesInfo
- HardwareLabs
- HCC
- HEPIX
- ILCBDSColl
- ILCTPC
- IMWG
- Inspire
- IPv6
- IT
- ItCommTeam
- ITCoord
- ITdeptTechForum
- ITDRP
- ITGT
- ITSDC
- LAr
- LCG
- LCGAAWorkbook
- Leade
- LHCAccess
- LHCAtHome
- LHCb
- LHCgas
- LHCONE
- LHCOPN
- LinuxSupport
- Main
- Medipix
- Messaging
- MPGD
- NA49
- NA61
- NA62
- NTOF
- Openlab
- PDBService
- Persistency
- PESgroup
- Plugins
- PSAccess
- PSBUpgrade
- R2Eproject
- RCTF
- RD42
- RFCond12
- RFLowLevel
- ROXIE
- Sandbox
- SocialActivities
- SPI
- SRMDev
- SSM
- Student
- SuperComputing
- Support
- SwfCatalogue
- TMVA
- TOTEM
- TWiki
- UNOSAT
- Virtualization
- VOBox
- WITCH
- XTCA
 |
|
Copyright &© 2008-2023 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. or Ideas, requests, problems regarding TWiki? use Discourse or Send feedback