Requesting a certificate

We are now going to request a certificate from the SimpleCA for our user account (in my case, borja). Remember, this is the account we'll use to run all the client applications.

From the user account, run the following command:


You should see the following output:

A certificate request and private key is being created.
You will be asked to enter a PEM pass phrase.
This pass phrase is akin to your account password,
and is used to protect your key file.
If you forget your pass phrase, you will need to
obtain a new certificate.

Using configuration from /etc/grid-security/globus-user-ssl.conf
Generating a 1024 bit RSA private key
writing new private key to '/home/borja/.globus/userkey.pem'
Enter PEM pass phrase:
Verifying password - Enter PEM pass phrase:

You are being asked for a password to protect your private key. Don't confuse this password with the one we provided when configuring SimpleCA. That password protects the CA's private key. The one we're being asked for now will protect our user account's private key. We will need this password each time we want to access our certificate's private key. For example, we will need it when generating proxy certificates (since our private key is required to digitally sign the proxy certificate). To avoid confusion with other passwords we'll be using in the tutorial, and if you're not going to use this certificate for anything but the tutorial, I suggest you simply enter your username as the password (in my case, borja).

After you enter and confirm the password, you should see the following output:

A private key and a certificate request has been generated with the subject:

/O=Globus/OU=GT3 Tutorial/CN=Borja Sotomayor

If the CN=Borja Sotomayor is not appropriate, rerun this
script with the -force -cn "Common Name" options.

Your private key is stored in /home/borja/.globus/userkey.pem
Your request is stored in /home/borja/.globus/usercert_request.pem

Please e-mail the request to the Globus Simple CA [email protected]
You may use a command similar to the following:

  cat /home/borja/.globus/usercert_request.pem | mail $EMAIL_ADDRESS

Only use the above if this machine can send AND receive e-mail. if not, please
mail using some other method.

Your certificate will be mailed to you within two working days.
If you receive no response, contact Globus Simple CA at [email protected]

A certificate request has been generated and placed in the $HOME/.globus/usercert_request.pem. This certificate request has to be signed by a CA so it will be a complete digital certificate. We will do this in the next page.