Configuring Konqueror to use KCA credentials

Instructions for Linux

Here are the steps for setting up Konqueror to use KCA at Fermilab:

1. Install the X.509 certificate tools.  The supported distribution is from the NSF Grid middleware project and RPMs are available. For persons tied to the UPD infrastructure, a package is available from fnkits via the usual methods.
2. Obtain a valid FNAL Kerberos TGT. If you're logging in at Fermilab, you likely already have one. If not, then you may have to configure your machine or get one specially. See the Fermilab Strong Authentication manual for installation instructions.
3. Obtain credentials from the Fermilab KCA. 
   
1. Issue the command "kx509"
2. Issue the command "kxlist -p". This will create a credential cache in /tmp/x509up_<uid>
   
4. You now need to import the credentials into Konqueror (they are stored in $HOME/.kde/share/config/ksslcertificates). This requires some format manipulation that perhaps can be streamlined by energetic Konqueror fans, but here are the steps:
1. Convert the cache into PKCS#12 format. One way to do this is via the openssl command "openssl pkcs12 -in /tmp/x509up_<uid> -out /tmp/<uid>.p12 -export"
2. Import the credentials into Konqueror
1. Go to the Security settings panel under "My certificates" and select Import
2. Point to the /tmp/<uid>.p12 file and select import.
5. You should now be good to go.
   

nightwatch@fnal.gov

Last Modified: 7/22/2003 11:47 AM