Frequently Asked Questions

Q: How do I participate in the APBioGRID? A: You need to get Globus Toolkit installed on all the hosts which you want to be part of APBioGRID. If your hosts is one of the platforms directly supported by APBioGRID, you can just download the customised self-installer package from APBioGRID at http://www.apbionet.org/apbiogrid/download/. Follow the installation instructions in the package to get the Globus installed and automatically configured to work with APBioGRID. APBioNet aims to support more platforms progressively. So do check back often. Alternatively, you can download the Globus Toolkit from Globus download site at http://www.globus.org/download/. This may potentially be a challenging process to get it done. Read the Globus System Administration Guide. We also provide a customised, but much reduced, documentation for installation of Globus for APBioGRID. Q: What are certificates? How many types are there? A: A certificate is a digital token used to identify an entity in a secure manner. In Globus context, there are primarily two types of certificates: Grid host (or gatekeeper and user certificates. A host certificate is used to identify a host participating in the Grid (<Globus-deploy>/etc/globus-host-file.cert). A user certificate is what a user would use to authenticate him/herself and gain access to the Grid resources ($HOME/.globus/usercert.pem). Q: How do I get my (user/host) certificates? A: For host certificates, the keypair should already be generated during the installation and deployment process. Basically you will need to email the certificate signing request (CSR) file (<Globus-deploy>/etc/globus-host-file.request to the CA. For user certificates, run the Globus command grid-cert-request to generate the keypair and CSR, and email the CSR to your favourite CA. See Q below. Q: How do I gain access to the APBioGRID? A: This is a four-step process: Step 1: Generate user keypair Assuming your host already has Globus Toolkit installed, use the Globus command "grid-cert-request", as shown below, to generate your user keypair: xxx This generates your personal keypair (public and private keys), which is stored in $HOME/.globus/userkey.pem. Step 2: Get a CA to sign your key and issue you a certificate Together with the keypair generation step, a so-called certificate signing request (CSR) file is generated: $HOME/.globus/usercert.csr. Email this file to your favourite certification authority (CA) for signing and issuing you a certificate. If you don't have one, you can email it to APBioGRID CA at grid-ca@bic.nus.edu.sg. You can do: mail -s 'Please sign my key' grid-ca@apbionet.org < $HOME/.globus/usercert.csr Step 3: Install your certificate Cut and paste the certificate you received in your mailbox into the file $HOME/.globus/usercert.pem. Step 4: Send an authorisation request to the appropriate Grid admin or APBioGRID Email the appropriate administrator of the Grid, or grid-admin@apbionet.org for APBioGRID resources directly managed by APBioNet. In your email, include the distinguished name of your cert by using the Globus command "grid-cert-info" as follows: grid-cert-info -subject In Globus language, ask the administrator to "add your distingushed name into the grid-mapfile". Step 4a: Ask for recognition of your signing CA In the case whereby the CA issueing you the certificate is not yet recognised by the Grid you want to access, you need to request to the administrator of the Grid that that CA be recognised by the Grid. This step enables your certificate to be accepted for authentication by the Grid.