In order to use grid resource, you need to split pfx(p12) file into it’s two components, your public (usercert.pem) and private (userkey.pem) keys. This can be done using the following commands (you will be asked for the export password):
Novices Users:
1. Download the convert script and save as convert-p12-pem.sh to any of the linux machine which has openssl installed.
2. chmod 777 convert-p12-pem.sh
3. ./convert-p12-pem.sh <your-p12-file>
Advanced users:
Below test.p12 is the file you took backup certificate from the browser.
Generating usercert.pem
[test@grid]$ openssl pkcs12 -in test.pfx(p12) -clcerts -nokeys -out usercert.pem
usercert.pem
Enter import Password:
MAC verified OK:
Here the above you need to provide the import password which you had set during the Backup of certificate from the browser.
Generating userkey.pem
[test@grid]$ openssl pkcs12 -in test.pfx(p12) -nocerts -out userkey.pem
Enter Import Password:
MAC Verified OK
Enter PEM pass phrase:
Verifying Password – Enter PEM pass phrase:
Verified OK
As said above you need to provide the import password. Then it asks for setting PEM pass phrase. This is Pass phrase used to generate the proxy from your certificates. You can set your own pass phrase(Remember this for further usage of certificates to generate proxy).
The permissions on your keys should be changed to that only you can read the private key and everyone can read-only the public key:
[test@grid]$ chmod 644 usercert.pem
[test@grid]$ chmod 400 userkey.pem
[test@grid]$ grid-proxy-init -cert usercert.pem -key userkey.pem
Your Identity: /DC=IN/DC=GARUDAINDIA/O=C-DAC/OU=CTSF/CN=henry (emailid@domain.in)
Enter Grid Pass phrase for this identity:
Here you need to provide the pass phrase which you had set while generating the userkey.pem from the above commands. This will generate the proxy of default 12 hours.