Jcert, The JLab Scicomp User Certificate Tool

External URL

https://jlab.servicenowservices.com/scicomp/?id=kb_article_view&sys_kb_id=22d2c5db1b4a09506a9e85dae54bcbcchttps://jlab.servicenowservices.com/scicomp/?id=kb_article_view&sys_kb_id=22d2c5db1b4a09506a9e85dae54bcbcc

This page is a preview of the above content, for the full web page follow the link above.

JLab Scicomp User Certificate Tool (jcert)

This tool manages the signed certificate that scientific computing programs use to verify a user's identity.

Be advised that the signed certificate is a credential that uniquely identifies a user. Anyone with access to it could id-spoof the scientific computing programs.

SWIF (the workflow system) and Jasmine (the mass storage manager) both require Jefferson Lab certificates for authentication. The certificate identifies the user to the system. Users generate their certificate by executing the following command on an ifarm host:

/site/bin/jcert -create

Please be sure to enter your CUE password exactly. You can verify by having the tool echo the password you typed in with the following command:

jcert -create -jvm:-Djcert.echo.password=true

An expired certificate can be replaced with

/site/bin/jcert -replace

To check the status of your certificate, use

/site/bin/jcert -show

The certificate is stored in ~/.scicomp/keystore

Error messages that would indicate you need to replace or create a certificate:

ERROR NSS: client certificate not found: scicomp

Note: CUE level 2 systems do not mount CUE home directories. Certificate management must be performed on CUE level 1 (jlabl/ifarm) systems. Certificate will need to be copied to ~/.scicomp/keystore on the CUE level 2 systems (ie. some office linux desktop machines)