Jcert, The JLab Scicomp User Certificate Tool
This page is a preview of the above content, for the full web page follow the link above.
JLab Scicomp User Certificate Tool (jcert)
This tool manages the signed certificate that scientific computing programs use to verify a user's identity.
- Be advised that the signed certificate is a credential that uniquely identifies a user. Anyone with access to it could id-spoof the scientific computing programs.
SWIF (the workflow system) and Jasmine (the mass storage manager) both require Jefferson Lab certificates for authentication. The certificate identifies the user to the system. Users generate their certificate by executing the following command on an ifarm host:
/site/bin/jcert -create
Please be sure to enter your CUE password exactly. You can verify by having the tool echo the password you typed in with the following command:
jcert -create -jvm:-Djcert.echo.password=true
An expired certificate can be replaced with
/site/bin/jcert -replace
To check the status of your certificate, use
/site/bin/jcert -show
The certificate is stored in ~/.scicomp/keystore
Error messages that would indicate you need to replace or create a certificate:
ERROR NSS: client certificate not found: scicomp
Note: CUE level 2 systems do not mount CUE home directories. Certificate management must be performed on CUE level 1 (jlabl/ifarm) systems. Certificate will need to be copied to ~/.scicomp/keystore on the CUE level 2 systems (ie. some office linux desktop machines)