Go to http://ca.grid.kiae.ru/RDIG:
1. Fill out the form

2. download   user_cert-request.sh and a form for a hard copy of the certificate request   host   the jobs will be run .

3. create  .globus in your home directory

4. Run the script:  sh user_cert-request-13.sh

during the script’s operation, a private key ~/.globus/userkey.pem will be created.  It will require you to enter a password of at least 15 characters in length. Remember that. Otherwise, you will have to start the request procedure all over again. It is also necessary save the private key module

Example:
sh user_cert-request.sh
——————————————————————–
Creating the cryptographic keypair for your certificate. The file named
~/.globus/userkey.pem
will contain your private key. This file must not be shared with anyone and must be kept in a safe place. Never transfer your private key using plain communication channels (email, telnet sessions, ftp and so on). Choose strong password for your private key. Remember, CP/CPS states that the password should be at least 15 characters long.

If you will forget your password no one will help you: your
certificate will become useless.

NEVER USE EMPTY PASSWORD!
NEWER STORE YOUR PASSWORD ALONG WITH THE PRIVATE KEY!
——————————————————————–
Press [Enter]…
Enter password for private key:
Verify password:
Private key password should be minimum 15 characters in length.
Enter password for private key:
Verify password:
Generating RSA private key, 1024 bit long modulus
……………++++++
………++++++
e is 65537 (0x10001)
————————————————————————
All done. Your private key is stored in the file
~/.globus/userkey.pem

Your request was automatically sent through the CA Web interface.You will be mailed back with the serial number of your request.Then you should completely fill the paper request form and go to yourRegistration Authority to complete your request. You will need your public key modulus:
C06EAAB001 B092FFA5D18C5D7153F8AF0E2DFB715B336794F5AC7B99F9B29CED593CE1B82129E6E0A93BADDB6C95D074076823516275D69AA1CE2ED157E547B943A59B1D5E601749B1C494D3325BD211DD941940FBE1EB76FEC69F7967A4A8F08523587DA6D6B39B752AC0DC7C7D2E39C35B9368895952AA45DF50 D3DB91A797
10 starting digits and 10 ending digits of modulus was separated byspaces from the rest of the digits for your convinience.
——————————————————————–
Press [Enter]…

5. Send the request to

mail < userreq.mail rdig-ca@grid.kiae.ru

Fill out a paper copy and take it to the persons responsible at JINR (JINR Registration Authority, RA)

6. Your certificate will be sent to the specified email address or you can pick it up here http://ca.grid.kiae.ru/RDIG/certificates/valid.html

and then put it in ~/.globus/usercert.pem

7. Verify the validity of the certificate and the private key. :

cd .globus

/usr/bin/openssl rsa -in userkey.pem -noout -modulus

/usr/bin/openssl x509 -in <your-certificate> -noout -modulus

The result of executing the commands should be the same.

Further :

grid-proxy-init -debug -verify

User Cert File: /afs/jinr.ru/user/g/grom/.globus/usercert.pem
User Key File: /afs/jinr.ru/user/g/grom/.globus/userkey.pem

Trusted CA Cert Dir: /etc/grid-security/certificates/

Output File: /tmp/x509up_u8024
Your identity: /C=RU/O=RDIG/OU=users/OU=jinr.ru/CN=Natalia Gromova
Enter GRID pass phrase for this identity:
Creating proxy …….++++++++++++
……………++++++++++++
Done
Proxy Verify OK
Your proxy is valid until: Wed Jan 16 02:26:54 2013

8. To place your certificate in the browser, it must be converted to the p12 format :

/usr/bin/openssl pkcs12 -export -in usercert.pem -inkey userkey.pem -out usercert.p12 -name “My certificate 2022 ”

Place the resulting usercert.p12 in your browser (for firefox : settings -> Privacy&Security->Certificates->View Certificates-> import)