How to manage certificates
Certificate info
Check certificate validity
    openssl x509 -noout -subject -enddate -in /etc/grid-security/hostcert.pem
Check whether certificate and private key match
    diff -qs <(openssl rsa -in hostkey.pem -pubout) <(openssl x509 -in hostcert.pem -pubkey -noout)
Extract information from the certificate
    openssl x509 -in hostcert.pem -noout -subject
Conversions
From PKCS12 to PEM
To extract the private key into the file ~user/.globus/userkey.pem:
    openssl pkcs12 -nocerts -in cert.p12 -out ~user/.globus/userkey.pem
To extract the certificate into the file ~user/.globus/usercert.pem:
    openssl pkcs12 -clcerts -nokeys -in cert.p12 -out ~user/.globus/usercert.pem
From PEM to PKCS12
If the certificate is in usercert.pem and the private key is in userkey.pem, a PKCS12 file named certif.p12 can be generated from these two files with the following command:
    openssl pkcs12 -export -out certif.p12 -name "My certificate" -inkey userkey.pem -in usercert.pem
Certificate permissions
    chmod 0600 ~/.globus/userkey.pem
    chmod 0644 ~/.globus/usercert.pem
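
The checks from "Certificate info" and "Certificate permissions" combined into one preflight script, as an added example that is not part of the original page. The function names and the 30-day default are assumptions; it goes beyond the commands above by using openssl pkey (works for RSA and EC keys) and -checkend for an expiry test that yields an exit status.

```sh
#!/bin/sh
# Added example, not from the original page. Function names and the
# 30-day default are assumptions.

# The certificate's public key must equal the one derived from the private key.
# "openssl pkey" handles RSA and EC keys; an encrypted key prompts for its passphrase.
key_matches_cert() {   # usage: key_matches_cert CERT KEY
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# The certificate must still be valid DAYS days from now.
cert_valid_for() {     # usage: cert_valid_for CERT [DAYS]
    openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null
}

# The private key must carry no group or other permission bits.
key_perms_ok() {       # usage: key_perms_ok KEY
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Run all three checks; the return status is the number of failed checks.
check_pair() {         # usage: check_pair CERT KEY [DAYS]
    fail=0
    key_matches_cert "$1" "$2" || { echo "FAIL: $2 does not match $1"; fail=$((fail + 1)); }
    cert_valid_for "$1" "${3:-30}" || { echo "FAIL: $1 expires within ${3:-30} days"; fail=$((fail + 1)); }
    key_perms_ok "$2" || { echo "FAIL: $2 is accessible to group or others"; fail=$((fail + 1)); }
    return "$fail"
}

# Stand-alone use: sh check_pair.sh CERT KEY [DAYS]
if [ "$#" -ge 2 ]; then
    check_pair "$@"
fi
```

A return status of 0 means the pair passed all three checks, so the script can gate a service restart or a cron-driven renewal reminder.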