Final steps

Although our user account has a certificate, we're not quite done yet. Just two final steps to do before we can (finally) start writing secure grid services.

Requesting a certificate for the globus account

The globus account also needs its own certificate, which it will use to run the container and its services. Don't confuse the globus user's certificate with the CA's certificate (which we created when setting up SimpleCA, using the globus account). At this point, the globus account does not have a certificate, it only manages a CA which has a self-signed certificate.

Requesting and signing a certificate for the globus account is very simple, since the steps you have to follow are exactly the same as the ones described in the previous two pages.

Creating proxy certificates

An operation we'll be performing frequently during the security examples is creating proxy certificates. So, before we move on to the examples, let's make sure we can successfully create proxy certificates.

First of all, run the following from your user account:

source $GLOBUS_LOCATION/etc/

This sets up a couple of environment variables. Now, run the following command:


You should see the following output:

Your identity: /O=Globus/OU=GT3 Tutorial/CN=Borja Sotomayor
Enter GRID pass phrase for this identity:

Enter the password which protects your user's private key. You should now see the following:

Creating proxy ......................................................... Done
Your proxy is valid until: Sun Feb 15 22:55:45 2004

The date should be 12 hours more than the current time. If you are of a curious disposition, you can take a look at some of the proxy certificate's contents by running the following command:


This command will show, among other things, the path were the proxy certificate has been created. You can take an even closer look at the contents of the proxy certificate by running the following:

grid-cert-info -file $PATH_TO_PROXY_CERT

Now, repeat all these steps for the globus account to test if you can create a proxy certificate for that account.