1. In order to proceed you have to copy the key backup file you generated in the previous section into the home directory of your ZDV-Unix Account. If you lack such an account you can apply for one here.
   When you used an official zdv linux pool computer to perform the preceeding steps everything should be fine and there is no need for further action.
   

   If the file is stored on a Unix flavored (Linux, Mac OS X, SunOS) computer, open a terminal and enter (where DFN-user-certificate.pkcs12.p12 has to be replaced with the actual name of your backup file and username with your unix account username):

   scp DFN-user-certificate.pkcs12.p12 username@hpc-bw.uni-tuebingen.de:~/

   After hitting ENTER you will be asked for the password of your account and finally the file will be copied.

2. Now you have to convert your private key into the so called pem-format and copy it into the .globus directory. To do this, see the following steps: (Line breaks in the following grey boxes containing the commands are due to automatic word-wrapping and you should enter the commands on a single line.)

   1. Log into a computer at our zdv linux pools and open a terminal window (press "Alt" + "F2" on your keyboard and enter "konsole" followed by the "enter" key into the pop up window appearing) or remotely connect to hpc-bw with:

      ssh -l username@hpc-bw.uni-tuebingen.de 

      As a Windows User you can use an ssh-terminal program, e.g. putty.

   2. Convert your private key into a format suitable for further processing by entering into your terminal window:

      openssl pkcs12 -in DFN-user-certificate.pkcs12.p12 -out userkey.pem -nocerts

      You will now be asked for two passwords. The first one you have to supply is that utilized to protect the backup and the second one is needed to secure the key stored in the so called "pem"-file that will be generated.

   3. As with the private key in the previous step, the public key is also converted into the pem-format with:

      openssl pkcs12 -in DFN-user-certificate.pkcs12.p12 -out usercert.pem -clcerts -nokeysAs12 -in DFN-user-certificate.pkcs12.p12 -out usercert.pem -clcerts -nokeys

      Here you only have to supply the backup password since the public key does not need any protection.

      This approach acts on the assumption that private as well as public keys are stored within the backup file. If you had problems storing both keys in one file (e. g. the file only contains the private key part) it is possible to use the pem-file that is available at the link given in the DFN confirmation mail as a public key (usercert.pem) directly.

   4. Create a directory ".globus" in your home directory and move both pem-files into this directory issuing the commands:

      mkdir -vp ~/.globus;
      mv -v userkey.pem usercert.pem ~/.globus/

   5. Though the private key is secured with a password you should nevertheless adjust the access rights of public and private keys with:

      chmod -c 700 ~./globus
      chmod -c 600 ~/.globus/user*

   6. You can delete your backup file now with the command:

       rm -vf DFN-user-certificate.pkcs12.p12

   g. When working from home, create the folder:

mkdir ./globus/certificates

cd ~/.globus/certificates
wget www.eugridpma.info/distribution/igtf/current/accredited/igtf-preinstalled-bundle-classic.tar.gz
tar xvzf igtf-preinstalled-bundle-classic.tar.gz
rm *.tar.gz

Back to Section III Proceed with Section V