Copying a Personal (grid) certificate
This web page just deals with the straightforward copying of an existing personal certificate from one browser to another.- On the source computer, where the certificate already exists:
you can see how the certificate exists in the browser, as follows:
- in Mozilla on Linux, use Edit > Preferences > Privacy and Security > Certificates > Manage Certificates.
- in Firefox 1.5 on Linux, use Edit > Preferences > Advanced > Security > View Certificates.
- in Firefox 2-8+ on Linux, use Edit > Preferences > Advanced > Encryption > View Certificates.
- in Firefox 3 on Windows, use Tools > Options > Advanced > Encryption > View Certificates.
- in Firefox 4-8+ on Windows, use Options > Options > Advanced > Encryption > View Certificates.
- Export (back-up) that certificate in P12 format to a disk file in a directory on permanent disk. So choose the user certificate you want and do the export/backup. A reasonable directory to put this backup file into is a $HOME/.globus directory, though this is not obligatory and entirely up to you. Remember the password you use to protect that P12 file. You will subsequently type in this P12 password perhaps twice per year. It's possible that you've done this back-up before, of course.
- Copy that P12 format file to your target computer or laptop. You could use a memory stick, or a network file-transfer, whichever is more convenient.
- On the target computer, where you are copying the certificate to:
use an eScience-supported browser, like Firefox.
Set a browser Master Password for the Software Security Device.
This is the browser's way of keeping your certificate and possibly other unrelated
information more secure in its own internal files (in your $HOME/.mozilla filespace).
You will need the browser Master Password subsequently at most once per day,
maybe less often, when the browser requests it, so make it memorable.
- In Firefox 4 on Windows, use Options > Options > Security > and tick Use a master password.
- In Firefox 3 on Windows, use Tools > Options > Security > and tick Use a master password.
- In Firefox on Linux, use Edit > Preferences > Security > and tick Use a master password.
- Now on the target computer get your Certification Authority's own certificates into your browser;
for an eScience-issued certificate use the following:
- Get eScience Root certificate (tick all trust boxes you are happy to tick).
- Get eScience CA certificate (tick all trust boxes you are happy to tick).
- Get eScience 2A certificate (tick all trust boxes you are happy to tick).
- Get eScience 2B certificate (tick all trust boxes you are happy to tick).
- On the target computer:
- in Mozilla on Linux, use Edit > Preferences > Privacy and Security > Certificates > Manage Certificates.
- in Firefox 2-8+ on Linux, use Edit > Preferences > Advanced > Encryption > View Certificates.
- in Firefox 3 on Windows, use Tools > Options > Advanced > Encryption > View Certificates.
- in Firefox 4-9+ on Windows, use Options > Options > Advanced > Encryption > View Certificates.
- Click the Import button and browse for the P12 file that you exported and copied earlier, and click Open. When prompted, enter the password you used earlier to protect the P12 file.
- Check your browser certificate works: for an eScience certificate you can use the Grid-Support Test Certificate web page. If this says (amongst other things) Client Authentication: SUCCESS then you have a valid certificate. If you get a Alert error message (for example, "host has received an incorrect or unexpected message") then your certificate is not (yet) correctly installed.
L.S.Lowe