Migrating to the TERENA eScience Personal CA

The DutchGrid CA is a 'classic' CA which itself needs to verify your identity and make sure that you actually are who you say you are. This process is not instantaneous: it takes up to two days to complete, and requires you to visit one of our Registration Authorities in person.
Fortunately, there is a far easier and quicker way to get a certificate suitable for use on the Grid: the TERENA eScience Personal Certificate service, provided to all Dutch research and academic institutions by SURFnet, the Dutch Research and Educational Network, through the SURFfederatie.

If you work at one of the institutions listed, just click on the Get your certificate link and log in to the service. Your certificate will be issued in a few minutes:

The following organisations have already joined:
  • Erasmus Universiteit
  • Rijksuniversiteit Groningen
  • Technische Universiteit Delft
  • Universiteit van Tilburg
  • Vrije Universiteit
  • Universiteit van Amsterdam
  • Nikhef, nationaal instituut voor subatomaire fysica
  • SARA reken- en netwerkdiensten
  • TERENA
  • SURFnet BV
Is your organisation not yet in the list? Ask your local IT help desk to join the SURFcertificaten dienst!

Putting your browser-based eScience certificate into a file

By default, your certificate (and your private key) are located in your browser. You can use this instantly with all web-based services, such as administrative interfaces, VO registration, etc. For use with grid job submission, you should export these to local files on disk, named "usercert.pem" and "userkey.pem", in the following way:

  1. Open the certificate store of your browser or operating system. In Mozilla Firefox 3, this is located under "Tools", then "Options", "Advanced", and click on "View certificates". In Internet Explorer, go to "Options", "Internet Settings", "Content", and there click "Certificates".



  2. Click "backup your certificate", and also select "save private key" when asked. Store the file (it will be called something.p12, since the file format is called PKCS#12), and remember where you wrote it!

  3. Start jGridstart and import your certificate from the PKCS#12 ".p12" file. It is now ready for grid use.
    Alternatively, convert the "p12" file to a user cert and user key file using the command-line tools:
    openssl pkcs12 -nocerts -in cert.p12 -out $HOME/.globus/userkey.pem
    openssl pkcs12 -clcerts -nokeys -in cert.p12 -out $HOME/.globus/usercert.pem
    chmod 0600 $HOME/.globus/userkey.pem
    chmod 0644 $HOME/.globus/usercert.pem

    and don't forget the last step (setting the permissions), or you will see strange errors.

  4. Go to the registration page of your user community and join a VO, a 'virtual organisation'. A list of frequently used VOs and how to join them is provided by BiG Grid.



Using CSR request files with the TERENA eScience CA

Many grid tools (job submission, file management) use a file-based certificate, typically called "usercert.pem" and "userkey.pem" in a ".globus" subdirectory of your home folder. You can use the TCS eScience CA easily with this kind of set-up, by submitting the corresponding "userrequest.pem" file as a "Certificate Signing Request" (CSR) into the TCS portal.

To generate the certificate request files on a Unix or Linux system (or on Windows with the Cygwin tools):

mkdir $HOME/.globus
openssl req -subj "/CN=Pietje Puk 42" -out $HOME/.globus/userrequest.pem -keyout $HOME/.globus/userkey.pem -new
and then go to the eScience portal, log in and select "Upload CSR" instead of browser generation. Submit the "userrequest.pem" file and wait for your certificate to be issued.
In the list of Available Certificates (use the "My Certificates" link on the left-hand menu), click "Download certificate" and save the file as $HOME/.globus/usercert.pem. You're now done!
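
A check you can run after either procedure above (PKCS#12 export or CSR upload), given here as an added example that is not part of the original DutchGrid page: it verifies the permission bits prescribed above and that usercert.pem really belongs to userkey.pem. The function names are made up for this example; the file names, directory and modes are the ones used on this page.

```shell
#!/bin/sh
# Added example: sanity-check a file-based grid credential.
# Assumes the layout used on this page: usercert.pem and userkey.pem
# together in one directory (normally $HOME/.globus).

# Print the octal permission bits of a file (GNU stat first, then BSD stat).
file_mode() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# Succeed only if the file exists and has exactly the wanted mode.
check_mode() {  # usage: check_mode FILE MODE
    [ -f "$1" ] || { echo "missing: $1" >&2; return 1; }
    actual=$(file_mode "$1")
    [ "$actual" = "$2" ] || { echo "$1 has mode $actual, want $2" >&2; return 1; }
}

# Succeed only if the certificate carries the public half of the private key.
# openssl prompts for the passphrase if the key file is encrypted.
key_matches_cert() {  # usage: key_matches_cert CERT KEY
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ] || {
        echo "certificate and key do not match" >&2
        return 1
    }
}

# Run all checks on a credential directory (default: $HOME/.globus).
check_credential() {  # usage: check_credential [DIR]
    dir=${1:-$HOME/.globus}
    check_mode "$dir/userkey.pem" 600 || return 1
    check_mode "$dir/usercert.pem" 644 || return 1
    key_matches_cert "$dir/usercert.pem" "$dir/userkey.pem" || return 1
    echo "credential in $dir looks usable"
}

# To use it: source this file, then run  check_credential
```

A mismatch between certificate and key usually means the downloaded certificate was saved next to a key from a different request.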

If you want to import a usercert and userkey file combination into your browser, you can use the jGridstart certificate management tool, or look at the documentation for installation by hand.