->slovenská verzia
For new grid users:

1. create new pair of keys: grid-cert-request -int
- it may request your name and family name, so fill them
- choose at least 12-character long passphrase
- confirm or change the country "C=SK" and the 'origin' "O=SlovakGrid"
- fill in the acronym for your organization (employer or school)
- fill in your full name - at least 2 words divided by space character(s)
- if you do not have installed the "grid-cert-request" command,
  you can use my 'user' script

2. bring the "usercert_request.pem" file to one of your national Registration
Authorities (RA, more informations at: ca.ui@savba.sk)
and show your ID card in the personal meeting with RA.


Rekey Manual - for user certificate: During the time your user certificate is still valid, you can use it to sign your request for the new user certificate: 1. backup ~/.globus folder to say ~/.globus.bak 2. create new pair of keys: grid-cert-request -int - it may request your name and family name, so fill them - choose at least 12-character long passphrase - confirm or change the country "C=SK" and the 'origin' "O=SlovakGrid" - fill in the acronym for your organization (employer or school) - fill in your full name - at least 2 words divided by space character(s) - if you do not have installed the "grid-cert-request" command, you can use my 'user' script 3. sign with your old but still valid user-certificate: cd ~/.globus openssl smime -sign -text -in usercert_request.pem -signer \ ~/.globus.bak/usercert.pem -inkey ~/.globus.bak/userkey.pem \ -out rekey.smi 4. send the "rekey.smi" file to your national Certification Authority (CA) (ca.ui@savba.sk) 5. backup ~/.globus folder to say ~/.globus.new and move back the old folder for the time untill you will get new certificate, 6. when you receive new certificate from CA, replace the zero-length file usercert.pem in "new" folder and exchange old with new folders
Rekey Manual - for host certificate: 1. create keys in some folder (e.g. $HOME): grid-cert-request -dir . -host -int - confirm|change default parameters ("C=SK" and "O=SlovakGrid") - fill acronym of organization (O=FMPhI) - fill host name (CN=host/myhost.mydomain) - if you do not have installed the "grid-cert-request" command, you can use my 'host' script 2. sign with your user-certificate: openssl smime -sign -text -in hostcert_request.pem -out rekey.smi \ -signer ~/.globus/usercert.pem -inkey ~/.globus/userkey.pem If you are logged-in as root, change "~/.globus" (2x) to the folder where your user certificate and user private key reside (or copy them here). 3. send the "rekey.smi" file to your national Certification Authority (ca.ui@savba.sk) by simple e-mail (no need to sign it) 4. when you receive new certificate from CA, put the private key (generated in step 1, i.e. hostkey.pem) and the new certificate (as hostcert.pem) into root@myhost.mydomain:/etc/grid-security 5. run yaim for all grid services installed on "myhost" which are using the grid certificate or manually replace old key+certificate in all locations found on "myhost" (find / -name "*.pem"), they can have another names (edguser.pem...) and restart all these services (or restart whole "myhost")