It is important that your grid certificate is working for your analysis; you may also be unable to fully participate in some sections of hands-on exercises which require a valid grid proxy.
If you do not have a grid certificate, you may be able to easily obtain one from https://ca.cern.ch/ca/; you will then need to apply for VO membership. The organisers may be able to expedite this for you. Please note that you will need to obtain and use a new certificate from the CERN Certificate Authority for each new machine you wish to certify.
Hopefully you have already started this process following instructions from your institute, this can sometimes take time.
Register for the ATLAS VO
https://lcg-voms2.cern.ch:8443/voms/atlas/user/home.action. Note that your personal certificate DN and Certificate Authority are noted on the registration page. If they are not, then you will need to install your certificate into your browser before proceeding.
In order to access data, submit your analysis jobs to the Grid, and access some restricted web pages, you will need to
/atlas/<your country code>(for example, your country code can be ca for Canada.)
https://lcg-voms2.cern.ch:8443/voms/atlas/user/home.actionto view your VO memberships
~/.globusdirectory of every machine you use. The
~/.globus/usercert.pemfiles must exist at the end of these instructions.
If your certificate is in your browser, you need to export (backup) the certificate: (Depending on OS and browser this may be ) for Firefox: Preferences (or Tools) -> Advanced -> Encryption -> View Certificates -> Your Certificates -> Backup
scp (or similar) to copy this file across to your lxplus account
scp cert.p12 email@example.com:. ).
You need to convert your certificate (here assumed to be called
mycert.pfx into the correct form using:
> openssl pkcs12 -in mycert.pfx -clcerts -nokeys -out usercert.pem > openssl pkcs12 -in mycert.pfx -nocerts -out userkey.pem > chmod 400 userkey.pem > chmod 444 usercert.pem
(Word of advice: When executing
openssl pkcs12 -in mycert.pfx -nocerts -out userkey.pem you must enter a PEM pass phrase or it could lead to problems.)
Move these two files (userkey.pem and usercert.pem) to the
.globus directory (If you haven’t got one then
mkdir ~/.globus). You probably need to remember two passwords, one for the original certificate and one for the converted one.
lsetup rucio voms-proxy-init --voms atlas
and you should see something as follows:
... attribute : nickname = aparker (atlas) ...
The new (as of March 2015) web page for accessing VOMS information is
https://voms2.cern.ch:8443/voms/atlas. Ask, if you have questions on this.
If you have the grid certificate in the
.globus directory in the
pem (two file) format, but need to import it back into the browser, then you should find the two
.pem files (in the
.globus directory) and type this command:
openssl pkcs12 -export -in usercert.pem -inkey userkey.pem -out gridCert.p12
gridCert.p12 should be copied across to your laptop and imported into the browser (e.g Preferences (or Tools) -> Advanced -> Encryption -> View Certificates -> Your Certificates -> Import ).
Alternative instructions to do this - see these pages for your cloud:
After your registration with LCG for the Atlas VO has been approved and also your voms roles approved, you can then check that everything is working by doing
setupATLAS diagnostics gridCert
and follow the instructions regarding protections.
All tests must pass as described at the end of the
gridCert command. It is not vital this passes to participate in the ATLAS tutorials but it is strongly recommended you have this set up properly.