- Obtain a Digital Certificate from the HellasGrid Certification Authority.
- Get an account at a HellasGrid User Interface.
- Join a Virtual Organization.
- Import your Digital Certificate to the User Interface you obtained a personal account.
Obtain a Digital Certificate from the HellasGrid Certification Authority
In order to acquire a Digital Certificate you have to visit the following web page: https://access.hellasgrid.gr/. By clicking at the first choice, you can request a personal Digital Certificate. You have first to complete a form with your personal information (first name, last name, organization, department, etc). Once you have completed this form an informative e-mail will be sent at your personal e-mail account informing you that your personal information has been registered at HellasGrid database and request to confirm the reception of the e-mail. In case you do not confirm the e-mail reception in seven days, your registration will be removed from the HellasGrid data base.
Once you confirmed the reception of the e-mail you can proceed with the certification request procedure. Initially you will be asked to install at your web browser the certificate of the HellasGrid Certification Authority. For the Greek users the responsible authority is the HellasGrid Certification Authority (HellasGrid-CA) operated by the Department of Physics at the Aristotle University of Thessaloniki. Consequently you must generate your private key and certificate signing request at the web browser. The private key and certificate signing request will be automatically sent at HellasGrid-CA.
Once your certificate signing request has been sent at the HellasGrid-CA an informative email will be sent to you. With this email you will be requested to visit in person your appropriate Registration Authority and present the following documents:
- Your identification card or your passport.
- One document which will confirm your affiliation with your organization.
- A printing of the received e-mail.
A list of the existing Registration Authorities for the Greek Users can be found at the following site. In the case you can not be served by an existing Registration Authority you must contact the Catch-all Registration Authority, operated by GridAUTH (mailto:hg-catch-all (at) grid.auth.gr).
You can regularly check the status of your certificate signing request. Once the status of your request changes to “signed” you have to install the certificate at your web browser (the same used for the procedure obtaining the certificate) and accept the terms of its use.
Get an account at a HellasGrid User Interface
A User Interface (UI) is nothing more and nothing less than a Linux box having installed all the required client software, APIs and tools for developing and running applications in the Grid. In practice everyone can install and setup a UI with the required EGEE tools following the instructions in the GLITE-3 Installation Guide.
There is also a chance that your institute may already have setup a UI machine so you can ask from your local administrator to create an account for you there.
Till now, six User Interfaces has been installed to serve the HellasGrid users:
- three in Athens (ui01.isabella.grnet.gr, ui02.isabella.grnet.gr, ui01.marie.hellasgrid.gr),
- one in Thessaloniki (ui01.afroditi.hellasgrid.gr),
- one in Heraklion (ui01.ariagni.hellasgrid.gr) and
- one in Patras (ui01.kallisto.hellasgrid.gr).
You can request access to the appropiate UI according to the location of your organization by following the second choice at the web page https://access.hellasgrid.gr. If you do not have access to a User Interface or you cannot (or do not want to) install your own UI, you may request via the second option of the web page https://access.hellasgrid.gr/ for an account at the Isabella catch-all UI hosted in the GRNET site, which is located at Athens; provided of course that you have already obtained a digital certificate issued by the HellasGrid Certification Authority. In order to connect at the User Interface at which you have an account you must use an ssh client program, for example putty, a free program which can be downloaded from the link http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html.
Join a Virtual Organization
To be authorized to use the Grid and do useful work with it you have to belong to a Virtual Organization (VO); A Virtual Organization (VO) is a group of grid users with similar interests and requirements who are able to work collaboratively with other members of the group and/or share resources (data, software, expertise, CPU, storage space, etc.) regardless of geographical location. A list of existing EGEE VOs is available here.
In order to make life easier for the South Eastern Europe users (including the HellasGrid users), speed up and simplify the process of new application induction, EGEE-SEE has established its own VO called SEE-VO. This VO will be the most adequate for SEE users that do not fit in any of the existing EGEE VOs or are not able to create their own EGEE-wide VO. To join the SEE-VO as a HellasGrid user you have to request it via the third option of the site https://access.hellasgrid.gr. Please note that this page has to be visited using the browser on which you have already loaded your digital certificate otherwise the process cannot be completed.
Import your Digital Certificate to your User Interface
Till now, you have a Digital Certificate installed at your web browser. In order to use the HellasGrid infrastructure, for example to submit a job for execution, check the status of the job; get the output of the job, you have to install also your certificate to the User Interface you have an account.
First you have to export your Digital Certificate from your web browser at which it is installed. To do this at Internet Explorer you must follow the path: Tools->Internet Options->Content->Certificates->Personal->Export while to do this at Mozilla Firefox you must follow the path: Edit->Preferences->Advanced->Encryption->View Certificates->Your Certificates->Backup or Tools->Options->Advanced->Encryption->View Certificates->Your Certificates->Backup. In both cases your personal certificate must be saved with .p12 extension (PKCS#12 format). So, by following the instructions of the above links you have succesfully backed up your security certificate and private key at your machine. Now you have to copy your Digital Certificate from your machine to your home directory at the User Inteface you gained an account. Then you must create your Digital Certificate and private key in .pem format. In order to do this you must execute the following two openssl commands:
openssl pkcs12 -nocerts \
-in mycertificate.p12 \
openssl pkcs12 -clcerts -nokeys \
-in mycertificate.p12 \
The first openssl command gets as input your certificate in .p12 format (mycertificate.p12) and creates your private key in .pem format (userkey.perm).The second openssl command gets as input your certificate in .p12 format (mycertificate.p12) and creates your certificate in .pem format (usercert.pem). We must mention that the ~ user should be replaced by the path to your home area. Both your private key and certificate are stored in the .globus directory.
Finally you must give the appropiate read privileges at your private key and certificate.
chmod 444 ~/.globus/usercert.pem
chmod 400 ~/.globus/userkey.pem