File types

In the process of grid authentication there are several file types and file extensions, many of which seem to be storing the same information. This is intended as a reference.

An important thing to note is that there is no difference between .pfx and .p12 files. If you export a certificate from Firefox it will be given the extension .p12, and Internet Explorer gives the extension .pfx.

The .pfx files store both the public user certificate, which contains the certificate's public key, and the corresponding private key. The private key is the part no-one else should have access to.

When you use the Certificate Management Wizard, it will extract these two files from the .pfx. It then saves them by default as the files usercert.pem and userkey.pem in the directory $HOME\.globus. This is the end of the setup process.

Proxy Credentials

When you request a proxy upload, or create local credentials, new files are created. These are roughly equivalent to certificates with shorter lifetimes. Local credentials are by default named x509up_u_USERNAME and is stored in $HOME\Local Settings\Temp\. If you upload credentials, they are stored on the MyProxy server you chose. Downloading credentials from the server will store them in the same place as your local credentials.

These local credentials are in the X.509 format, but have no file extension.



Index