These instructions assume that you already have retrieved your certificate and imported it into your Browser (IE or Netscape).  If you have not, then retrieve it first. If you got your certificate using the command-line scripts the instructions below do not apply.

Exporting your certificate for use by Globus proxy-init.

• If you need to use your certificate outside your browser, or import it into a different browser, you can export it as PKCS 12 file. To do this click on your Security button in your browser, go to Certificate, Yours, select the certificate that you wish to export and click the Export button. At the time of this export, you will asked to type a password. This is used to encrypt the PKCS 12 file. This is a standard format file containing a certificate, public and private key.
• grid-proxy-init of Globus wants two separate files : A PEM encoded X509 certificate and a PEM encoded RSA encrypted private key. The following two incantations of openssl will produce these files. 
  • To get your X509 certificate (no chaining) :
     openssl pkcs12 -in YourCert.p12 -clcerts -nokeys -out $HOME/.globus/usercert.pem 
  • To get the encrypted private key :
     openssl pkcs12 -in YourCert.p12 -nocerts -out $HOME/.globus/userkey.pem You must set the mode on your userkey.pem file to read/write only by the owner, otherwise grid-proxy-init will not use it.

Use with CondorG

These  certificates have been demonstrated to work with a "new version" of CondorG which uses the Globus 2.0 libraries.  They did not work with CondorG using the Globus 1.1.4 libraries.

If there are error messages please copy them to trouble@es.net.