Skip to main content

[ubuntu] Split p12 to public / private pem keys

Usually X.509 Certificates are downloaded using a browser and managed by the browser itself. Anyway it is possible to export your certificate in a file PKCS12 (which will probably have the extension .p12 or .pfx).

The procedure to export the certificate vary from browser to browser, for example Internet Explorer starts with "Tools − > Internet Options − > Content"; Netscape Communicator has a "Security" button on the top menu bar; Mozilla starts with "Edit − > Preferences − > Privacy and Security − > Certificates" and Firefox has "Edit − > Preferences − > Advanced − > Certificates − > manage certificates − > backup".

Unfortunately PKCS12 format is not accepted by Globus security infrastructure, but you can easily convert it into the supported standard (PEM). This operation will split your *.p12 file in two files:

the certificate (usercert.pm) and the private key (userkey.pm). The conversion can be performed with openssl tool:

$ openssl pkcs12 -nocerts -in mycert.p12 -out userkey.pem
$ openssl pkcs12 -clcerts -nokeys -in mycert.p12 -out usercert.pem
$ chmod 0400 userkey.pem
$ chmod 0600 usercert.pem

Permission must be set as shown not only for security reasons: voms-proxy-init and grid-proxy-init commands will fail if your private key is not protected as listed above.

Comments

Post a Comment

Popular posts from this blog

Browser User Agent List

Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.87 Safari/537.36 Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.87 Safari/537.36 Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0 Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36 Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_3) AppleWebKit/601.4.4 (KHTML, like Gecko) Version/9.0.3 Safari/601.4.4 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/601.5.17 (KHTML, like Gecko) Version/9.1 Safari/601.5.17 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.87 Safari/537.36 Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0 Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0;...
Post a Comment
Read more

[linux] Adjusting child processes for PHP-FPM (Nginx)

Adjusting child processes for PHP-FPM (Nginx) Problem: The following warning message appears in the logs: [26-Jul-2012 09:49:59] WARNING: [pool www] seems busy (you may need to increase pm.start_servers, or pm.min/max_spare_servers), spawning 32 children, there are 8 idle, and 58 total children [26-Jul-2012 09:50:00] WARNING: [pool www] server reached pm.max_children setting (50), consider raising it It means that there are not enough PHP-FPM processes. Solution: We need to calculate and change these values based on the amount of memory on the system: /etc/php-fpm.d/www.conf pm.max_children = 50 pm.start_servers = 5 pm.min_spare_servers = 5 pm.max_spare_servers = 35 - the following command will help us to determine the memory used by each (PHP-FPM) child process: ps -ylC php-fpm --sort:rss The RSS column shows non-swapped physical memory usage by PHP-FPM processes in kilo Bytes. On an average each PHP-FPM process took ~75MB of RAM on my machine. Appropriate valu...
Post a Comment
Read more

[symfony] Assert in Entity

* @Assert\NotBlank() * @Assert\Blank() * @Assert\NotNull() * @Assert\Null() * @Assert\True(message = "The token is invalid") * @Assert\False( *     message = "You've entered an invalid state." * ) * @Assert\Type(type="integer", message="The value {{ value }} is not a valid {{ type }}.") is_ array bool callable float double int integer long null numeric object real resource scalar string ctype_ alnum alpha cntrl digit graph lower print punct space upper xdigit * @Assert\Email( *     message = "The email '{{ value }}' is not a valid email.", *     checkMX = true * ) * @Assert\Length( *      min = 2, *      max = 50, *      minMessage = "Your first name must be at least {{ limit }} characters long", *      maxMessage = "Your first name cannot be longer than {{ limit }} characters long" * ...
Post a Comment
Read more