In order to register with WLCG and use JAliEn, each user must complete the following 4 steps:
Step 1: Cleanup old/expired certificates
If you have old or expired certificates and are registering a new one, make sure to follow these steps:
- Remove your old certificate from your browser. Most of the new certification authorities (CAs) install the new certificate directly in the browser from which you do the request;
- On the computer(s) you use to do 'alien-token-init from:
- Remove the .pem files from $HOME/.globus. You will need to create new set with from your new certificate;
- Remove /tmp/x509up_* - these are temporaty proxy certificates created from the .pem keypair and may interfere with the new certificate.
3. To create a new .pem keypair once you have your new certificate, follow the instructions published here
Step 2: Obtain a valid X509 certificate
To obtain a valid personal digital certificate (also known as PKI or X509 certificate), refer the Certificate instruction provided by WLCG.
Step 3: Load certificate into browser
Load your personal certificate into the browser (instructions may also be found here). Quite often, the procedure to obtain personal digital certificates from the Certification Authorities (CAs) includes automatic loading it into the browse. Make sure you don't have any leftover old certificates there (see step 1).
Step 4: Follow the registration steps in IAM (Identity and Access Management), instructions here
NOTE: the step are quite different from the old VOMS-admin service, please pay close attention.