Changes between Version 70 and Version 71 of flukes

Timestamp:
01/29/13 12:43:49 (6 years ago)
Author:
ibaldin (IP: 152.54.9.21)
Comment:

--

  • flukes

    v70 v71  
    200200When using Flukes, the experimenter can use one of the following credentials: 
    201201 
    202  * A private key/certificate pem file provided by the GENI Project Office 
    203  * A private key/certificate pem file provided by Emulab/ProtoGENI 
    204  * A private key and a certificate provided by BEN 
     202 * A private key generated by you and a certificate file generated through GENI Portal (a .key '''and''' a .pem file) 
     203 * A private key/certificate pem file provided by the GENI Project Office or Emulab - both generated through portal (single .pem file) 
     204 * A private key and a certificate provided by BEN (a .key '''and''' a .crt file) 
    205205 
    206206This section explains how to convert these credentials for use with Flukes. It presumes you have one of the credentials described above. A Flukes keystore can contain multiple private key entries. A user can select the key to be used for submitting a specific request at the time of the submission.  
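Review bot: New lines 202 and 203 both describe credentials generated through the portal, so a reader holding portal-issued files can only tell the two cases apart by the parenthetical file count. Line 203 also says "portal" where line 202 says "GENI Portal", and it folds the former Emulab/ProtoGENI bullet into the GPO one without saying whether ProtoGENI-issued files are still covered. Suggest leading each bullet with the file layout (".key and .pem", "single .pem", ".key and .crt"), since that is what the conversion steps further down branch on, and naming the portal consistently.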
     
    212212{{{ 
    213213$ openssl x509 -text -in mycredential.pem 
     214}}} 
     215 * '''ONLY IF''' you have a separate file containing the private key (.key) and a separate certificate file (.crt or .pem) from GENI or BEN, combine them into a single PKCS12 store: 
     216{{{ 
     217$ openssl pkcs12 -export -in username.[crt|pem] -inkey username.key -out username.p12 
    214218}}} 
    215219 * Start Portecle 
    216220 * Create a new keystore of type JKS 
    217221 * Click on "Import Key Pair" 
    218  * Locate the .pem file 
    219  * Enter the password protecting the .pem file 
    220  * Import the key and certificate, but change the key alias to something simpler than a GUID (e.g. firstnamelastname-emulab with no spaces) 
     222 * Locate the .pem or the .p12 (if you generated one) file 
     223 * Enter the password protecting the .pem or the .p12 file 
     224 * Import the key and certificate, but '''change the key alias''' to something simpler than a GUID (e.g. firstnamelastname-geni with no spaces) 
    221225 * Enter and confirm a new key password  
    222226 * Click on "Save Keystore" 
    223  * Enter and confirm the new keystore password (use same as the key password) 
     227 * Enter and confirm the new keystore password (use '''same as the key password''') 
    224228 * Enter the path to the keystore file into .flukes.properties "user.keystore" property 
    225229 
    226 '''A note about keystore passwords: ''' a java keystore always has a password protecting its integrity. Each key within a keystore can also have a password. Flukes currently assumes both the keystore and key passwords are the same.  
     230'''A note about keystore passwords: ''' a java keystore always has a password protecting its integrity. Each key within a keystore can also have a password. Flukes currently assumes both the keystore and key passwords are '''the same'''.  
    227231 
    228232When you submit a request through Flukes, it will ask you for the key alias and password. You should use the alias you assigned to this new key and the password used for keystore and keys. Note that you can have multiple key/certificate pairs under different aliases within the same keystore (e.g. one from GPO and one from BEN).  
    229  
    230 === Using BEN credentials === 
    231  
    232 For credentials issued through BEN (usually as part of BEN VPN access) the user must first create a single PKCS!#12 file combining the private key and a BEN certificate (they are otherwise supplied separately). Then the resulting .p12 file can be imported into a Java keystore the same way that a .pem file from GPO or Emulab is imported: 
    233 {{{ 
    234 $ openssl pkcs12 -export -in username.crt -inkey username.key -out username.p12 
    235 }}} 
    236 In this case username.crt and username.key are your BEN certificate and private key, respectively and username.p12 is the new file combining the two.
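Review bot: In new line 217, `username.[crt|pem]` sits in a command shown with a `$` prompt, but the shell cannot run it as written: the brackets are a glob character class, so a copied command will not pick up username.crt or username.pem. Suggest showing the command with a plain placeholder for the certificate file, or giving the .crt and .pem variants on separate lines. The removed BEN section (old line 236) also said which input is the certificate, which is the private key, and that username.p12 is the combined output; that sentence is worth carrying over under new line 215. New line 223 asks for "the password protecting the .pem or the .p12 file", yet nothing in the steps says that for the .p12 this is the export password chosen when openssl pkcs12 -export runs; one clause on line 215 would close that gap.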