Copying personal certificate Author: L.S.Lowe. File: copycertP12. This update: 20120104. Part of Guide to the Local System.

Copying a Personal (grid) certificate

This web page just deals with the straightforward copying of an existing personal certificate from one browser to another.
  1. On the source computer, where the certificate already exists: you can see how the certificate exists in the browser, as follows:
    • in Mozilla on Linux, use Edit > Preferences > Privacy and Security > Certificates > Manage Certificates.
    • in Firefox 1.5 on Linux, use Edit > Preferences > Advanced > Security > View Certificates.
    • in Firefox 2-8+ on Linux, use Edit > Preferences > Advanced > Encryption > View Certificates.
    • in Firefox 3 on Windows, use Tools > Options > Advanced > Encryption > View Certificates.
    • in Firefox 4-8+ on Windows, use Options > Options > Advanced > Encryption > View Certificates.
    Then choose User Certificates and a list of the current and expired user certificates that this browser knows about should be displayed.

  2. Export (back-up) that certificate in P12 format to a disk file in a directory on permanent disk. So choose the user certificate you want and do the export/backup. A reasonable directory to put this backup file into is a $HOME/.globus directory, though this is not obligatory and entirely up to you. Remember the password you use to protect that P12 file. You will subsequently type in this P12 password perhaps twice per year. It's possible that you've done this back-up before, of course.

  3. Copy that P12 format file to your target computer or laptop. You could use a memory stick, or a network file-transfer, whichever is more convenient.

  4. On the target computer, where you are copying the certificate to: use an eScience-supported browser, like Firefox. Set a browser Master Password for the Software Security Device. This is the browser's way of keeping your certificate and possibly other unrelated information more secure in its own internal files (in your $HOME/.mozilla filespace). You will need the browser Master Password subsequently at most once per day, maybe less often, when the browser requests it, so make it memorable.
    • In Firefox 4 on Windows, use Options > Options > Security > and tick Use a master password.
    • In Firefox 3 on Windows, use Tools > Options > Security > and tick Use a master password.
    • In Firefox on Linux, use Edit > Preferences > Security > and tick Use a master password.
    Enter the chosen password when prompted. If it's already ticked, then leave it as it is.

  5. Now on the target computer get your Certification Authority's own certificates into your browser; for an eScience-issued certificate use the following:

  6. On the target computer:
    • in Mozilla on Linux, use Edit > Preferences > Privacy and Security > Certificates > Manage Certificates.
    • in Firefox 2-8+ on Linux, use Edit > Preferences > Advanced > Encryption > View Certificates.
    • in Firefox 3 on Windows, use Tools > Options > Advanced > Encryption > View Certificates.
    • in Firefox 4-9+ on Windows, use Options > Options > Advanced > Encryption > View Certificates.
    Then choose User Certificates and a list of the current and expired user certificates that this browser knows about already should be displayed: possibly none.

  7. Click the Import button and browse for the P12 file that you exported and copied earlier, and click Open. When prompted, enter the password you used earlier to protect the P12 file.

  8. Check your browser certificate works: for an eScience certificate you can use the Grid-Support Test Certificate web page. If this says (amongst other things) Client Authentication: SUCCESS then you have a valid certificate. If you get a Alert error message (for example, "host has received an incorrect or unexpected message") then your certificate is not (yet) correctly installed.

L.S.Lowe