Instructions to get GRID certificate

https://twiki.cern.ch/twiki/bin/view/CMSPublic/WorkBookStartingGrid

Renew GRID certificate:

Download new GRID certificate here: https://ca.cern.ch/ca/user/Request.aspx?template=EE2User or click on New Grid User certificate here: https://ca.cern.ch/ca/

Then execute the following commands on the remote server where you will use the GRID certificate (PSI T3, LXPLUS, etc...):

cd ~/.globus
mv /path/to/mycert.p12 .
rm -f usercert.pem
rm -f userkey.pem
openssl pkcs12 -in mycert.p12 -clcerts -nokeys -out usercert.pem
openssl pkcs12 -in mycert.p12 -nocerts -out userkey.pem
chmod 400 userkey.pem
chmod 400 usercert.pem

Finally, copy the .p12 certificate on your laptop and import it in the browser. For Firefox: Settings > Privacy & Security > View Certificates > Import… Then select the .p12 file. Delete the previous certificate if you are renewing your certificate.

Initialize GRID certificate

Every 7 days, do the following:

voms-proxy-init --rfc -voms cms -valid 192:00

To automatically check your GRID certificate, you can add the following to your ~/.bash_profile:

gfal-ls root://storage01.lcg.cscs.ch:1096//pnfs/lcg.cscs.ch/cms/trivcat/store/user/${USER}/ > /dev/null 2>&1
if [ ! "$?" == "0" ]; then
    echo "Please update your GRID certificate running the following command:"
    echo "voms-proxy-init --rfc --voms cms -valid 192:00"
fi

You can also directly add the command instead of echoing it. But keep in mind that this might prevent VSCode from opening when the command is prompted, because it will be pending, waiting for the GRID certificate passphrase.

gfal-ls root://storage01.lcg.cscs.ch:1096//pnfs/lcg.cscs.ch/cms/trivcat/store/user/${USER}/ > /dev/null 2>&1
if [ ! "$?" == "0" ]; then
    voms-proxy-init --rfc --voms cms -valid 192:00
fi