1 Introduction

The MyProxy Service provides a way to store proxy certificates for later use, for instance when your private key is not at hand.

You can store your proxy certificate either with a graphical Java-based tool or from the Globus command line.

The Java-based GSISSH-Term can use a MyProxy server directly. Alternatively, users of the Globus Toolkit can retrieve their proxy certificate from the Globus command line.

1.1 General Information about Certificates

Grid middleware uses certificates for authenticating and authorizing users. The use of certificates means that separate passwords for each account on each of the target machines are not required: instead, a user just needs to create a single certificate with a single password for their personal key. Several services can then be used with that certificate. For example, one can use gsissh to log in to a DEISA machine and run a GridFTP file transfer session there, or log in to another machine connected to the DEISA network, without the need to specify a password.

Personal certificates are obtained from a Certification Authority. Instructions to apply for a certificate usable in the DEISA infrastructure are provided by the Primer. A certificate consists of two parts: a private key and a public certificate. They can be stored in a single 'p12' format file or in 'pem' format within two separate files, namely userkey.pem and usercert.pem. Users can convert between these two formats, if necessary, using the openssl command (see DEISA Certificates FAQ). Further, a web browser can import and export p12 files.
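The conversion mentioned above can be scripted as follows. This is an added example, not part of the original DEISA documentation: the function names and the P12_PASS / KEY_PASS environment variables are assumptions, and the 400/644 file modes follow the usual Globus convention of a private key readable only by its owner.

```shell
# Added example: convert between a PKCS#12 bundle and the PEM pair
# (usercert.pem / userkey.pem). Passwords are read from the environment
# variables P12_PASS and KEY_PASS (assumed names), which must be exported,
# so they never appear on the command line.

# p12_to_pem <bundle.p12> <output-dir>
p12_to_pem() {
    mkdir -p "$2" || return 1
    # Extract the private key, re-encrypted under KEY_PASS. The umask keeps
    # the file private from the moment it is created.
    ( umask 077
      openssl pkcs12 -in "$1" -passin env:P12_PASS -nocerts \
          -passout env:KEY_PASS -out "$2/userkey.pem" ) || return 1
    # Extract only the user's own certificate (no CA chain, no key).
    openssl pkcs12 -in "$1" -passin env:P12_PASS -clcerts -nokeys \
        -out "$2/usercert.pem" || return 1
    chmod 400 "$2/userkey.pem" && chmod 644 "$2/usercert.pem"
}

# pem_to_p12 <dir-with-pem-pair> <bundle.p12>
pem_to_p12() {
    ( umask 077
      openssl pkcs12 -export -in "$1/usercert.pem" -inkey "$1/userkey.pem" \
          -passin env:KEY_PASS -passout env:P12_PASS -out "$2" )
}

# key_matches_cert <dir-with-pem-pair>
# Succeeds only if the public key derived from userkey.pem is the one
# certified in usercert.pem, i.e. the two files belong together.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1/usercert.pem" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$1/userkey.pem" -passin env:KEY_PASS -pubout) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}
```

Running key_matches_cert after a conversion catches the common mistake of pairing a renewed certificate with an old key before any grid command fails on it.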

1.2 Introduction to the MyProxy Service

The MyProxy service stores proxy certificates, which can then be used on your behalf without the need to have your private key and certificate files at hand. This is useful, for example, when you are using a computer which you do not normally use. A use case example: a researcher visits an Internet cafe to check the status of their jobs.

It is also best to avoid distributing the private key across several machines, and to keep it safe on your workstation instead. If you wish to run Globus commands on a platform on which you cannot or should not store your private key and/or certificates, then you can retrieve your proxy certificate stored at a MyProxy service. A use case example: a researcher needs to use ssh to log in to a machine. On the target machine they need to use Globus commands. For either security or practical reasons, there is no private key stored on the target machine. So, the user can use Globus commands to fetch a proxy certificate from a MyProxy server.

