From f066f7b96ba3d15bee44aba26bd8920dded5a0b1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Krup=C4=8D=C3=ADk?= <lukas.krupcik@vsb.cz>
Date: Fri, 26 Aug 2016 21:40:59 +0200
Subject: [PATCH] all
---
.../graphical-user-interface.md | 4 +-
.../graphical-user-interface/vnc.md | 7 +-
.../x-window-system.md | 3 +-
.../accessing-the-clusters/introduction.md | 6 +-
.../shell-access-and-data-transfer/putty.md | 12 +-
.../puttygen.md | 4 +-
.../ssh-keys.md | 3 +-
.../vpn-connection-fail-in-win-8.1.md | 2 +-
.../applying-for-resources.md | 5 +-
.../certificates-faq.md | 261 ++++--------------
.../obtaining-login-credentials.md | 200 ++++----------
11 files changed, 128 insertions(+), 379 deletions(-)
diff --git a/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/graphical-user-interface/graphical-user-interface.md b/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/graphical-user-interface/graphical-user-interface.md
index 517b9a80..b605c6b2 100644
--- a/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/graphical-user-interface/graphical-user-interface.md
+++ b/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/graphical-user-interface/graphical-user-interface.md
@@ -6,12 +6,12 @@ X Window System
The X Window system is a principal way to get GUI access to the clusters.
-Read more about configuring [**X Window System**](x-window-system/x-window-and-vnc.html).
+Read more about configuring [**X Window System**](x-window-system/x-window-and-vnc.md).
VNC
---
The **Virtual Network Computing** (**VNC**) is a graphical [desktop sharing](http://en.wikipedia.org/wiki/Desktop_sharing "Desktop sharing") system that uses the [Remote Frame Buffer protocol (RFB)](http://en.wikipedia.org/wiki/RFB_protocol "RFB protocol") to remotely control another [computer](http://en.wikipedia.org/wiki/Computer "Computer").
-Read more about configuring **[VNC](../../../salomon/accessing-the-cluster/graphical-user-interface/vnc.html)**.
+Read more about configuring **[VNC](../../../salomon/accessing-the-cluster/graphical-user-interface/vnc.md)**.
diff --git a/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/graphical-user-interface/vnc.md b/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/graphical-user-interface/vnc.md
index 65b71eb5..e4169653 100644
--- a/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/graphical-user-interface/vnc.md
+++ b/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/graphical-user-interface/vnc.md
@@ -20,7 +20,7 @@ Start vncserver
---------------
>To access VNC a local vncserver must be started first and also a tunnel using SSH port forwarding must be established.
-[See below](vnc.html#linux-example-of-creating-a-tunnel) for the details on SSH tunnels. In this example we use port 61.
+[See below](vnc.md#linux-example-of-creating-a-tunnel) for the details on SSH tunnels. In this example we use port 61.
You can find ports which are already occupied. Here you can see that ports " /usr/bin/Xvnc :79" and " /usr/bin/Xvnc :60" are occupied.
@@ -199,7 +199,7 @@ Allow incoming X11 graphics from the compute nodes at the login node:
$ xhost +
```
-Get an interactive session on a compute node (for more detailed info [look here](../../../../anselm-cluster-documentation/resource-allocation-and-job-execution/job-submission-and-execution.html)). Use the **-v DISPLAY** option to propagate the DISPLAY on the compute node. In this example, we want a complete node (24 cores in this example) from the production queue:
+Get an interactive session on a compute node (for more detailed info [look here](../../../../anselm-cluster-documentation/resource-allocation-and-job-execution/job-submission-and-execution.md)). Use the **-v DISPLAY** option to propagate the DISPLAY on the compute node. In this example, we want a complete node (24 cores in this example) from the production queue:
```bash
$ qsub -I -v DISPLAY=$(uname -n):$(echo $DISPLAY | cut -d ':' -f 2) -A PROJECT_ID -q qprod -l select=1:ncpus=24
@@ -213,5 +213,4 @@ $ xterm
Example described above:
-
-
+
\ No newline at end of file
diff --git a/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/graphical-user-interface/x-window-system.md b/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/graphical-user-interface/x-window-system.md
index ad031142..deb75a0a 100644
--- a/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/graphical-user-interface/x-window-system.md
+++ b/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/graphical-user-interface/x-window-system.md
@@ -127,5 +127,4 @@ $ gnome-session &
In this way, we run remote gnome session on the cluster, displaying it in the local X server
-Use System->Log Out to close the gnome-session
-
+Use System->Log Out to close the gnome-session
\ No newline at end of file
diff --git a/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/introduction.md b/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/introduction.md
index 2920547b..b62dab35 100644
--- a/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/introduction.md
+++ b/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/introduction.md
@@ -3,13 +3,13 @@ Accessing the Clusters
The IT4Innovations clusters are accessed by SSH protocol via login nodes.
->Read more on [Accessing the Salomon Cluste](../salomon/accessing-the-cluster.html)r or [Accessing the Anselm Cluster](../anselm-cluster-documentation/accessing-the-cluster.html) pages.
+>Read more on [Accessing the Salomon Cluste](../salomon/accessing-the-cluster.html)r or [Accessing the Anselm Cluster](../anselm-cluster-documentation/accessing-the-cluster.md) pages.
### PuTTY
-On **Windows**, use [PuTTY ssh client](accessing-the-clusters/shell-access-and-data-transfer/putty/putty.html).
+On **Windows**, use [PuTTY ssh client](accessing-the-clusters/shell-access-and-data-transfer/putty.md).
### SSH keys
-Read more about [SSH keys management](accessing-the-clusters/shell-access-and-data-transfer/ssh-keys.html).
+Read more about [SSH keys management](accessing-the-clusters/shell-access-and-data-transfer/ssh-keys.md).
diff --git a/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/shell-access-and-data-transfer/putty.md b/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/shell-access-and-data-transfer/putty.md
index d1889083..4ee895d5 100644
--- a/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/shell-access-and-data-transfer/putty.md
+++ b/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/shell-access-and-data-transfer/putty.md
@@ -8,31 +8,31 @@ PuTTY - before we start SSH connection
We recommned you to download "**A Windows installer for everything except PuTTYtel**" with **Pageant*** (SSH authentication agent) and **PuTTYgen** (PuTTY key generator) which is available [here](http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html).
->After installation you can proceed directly to private keys authentication using ["Putty"](putty.html#putty).
+>After installation you can proceed directly to private keys authentication using ["Putty"](putty.md#putty).
"Change Password for Existing Private Key" is optional.
"Generate a New Public/Private key pair" is intended for users without Public/Private key in the initial email containing login credentials.
"Pageant" is optional.
### PuTTYgen
-PuTTYgen is the PuTTY key generator. Read more how to load in an existing private key and change your passphrase or generate a new public/private key pair using [PuTTYgen](puttygen.html) if needed.
+PuTTYgen is the PuTTY key generator. Read more how to load in an existing private key and change your passphrase or generate a new public/private key pair using [PuTTYgen](puttygen.md) if needed.
### Pageant SSH agent
-[Pageant](pageant.html) holds your private key in memory without needing to retype a passphrase on every login. We recommend its usage.
+[Pageant](pageant.md) holds your private key in memory without needing to retype a passphrase on every login. We recommend its usage.
PuTTY - how to connect to the IT4Innovations cluster
--------------------------------------------------------
- Run PuTTY
-- Enter Host name and Save session fields with [Login address](../../../../salomon/accessing-the-cluster/shell-and-data-access/shell-and-data-access.html) and browse Connection - > SSH -> Auth menu. The *Host Name* input may be in the format **"username@clustername.it4i.cz"** so you don't have to type your login each time.In this example we will connect to the Salomon cluster using **"salomon.it4i.cz"**.
+- Enter Host name and Save session fields with [Login address](../../../../salomon/accessing-the-cluster/shell-and-data-access.md) and browse Connection - > SSH -> Auth menu. The *Host Name* input may be in the format **"username@clustername.it4i.cz"** so you don't have to type your login each time.In this example we will connect to the Salomon cluster using **"salomon.it4i.cz"**.
- Category -> Connection - > SSH -> Auth:
Select Attempt authentication using Pageant.
Select Allow agent forwarding.
- Browse and select your [private key](../ssh-keys.html) file.
+ Browse and select your [private key](../ssh-keys.md) file.
@@ -45,7 +45,7 @@ PuTTY - how to connect to the IT4Innovations cluster
- Enter your username if the *Host Name* input is not in the format "username@salomon.it4i.cz".
-- Enter passphrase for selected [private key](../ssh-keys.html) file if Pageant **SSH authentication agent is not used.**
+- Enter passphrase for selected [private key](../ssh-keys.md) file if Pageant **SSH authentication agent is not used.**
Another PuTTY Settings
----------------------
diff --git a/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/shell-access-and-data-transfer/puttygen.md b/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/shell-access-and-data-transfer/puttygen.md
index 3945358a..6980dc10 100644
--- a/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/shell-access-and-data-transfer/puttygen.md
+++ b/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/shell-access-and-data-transfer/puttygen.md
@@ -7,7 +7,7 @@ PuTTYgen is the PuTTY key generator. You can load in an existing private key and
You can change the password of your SSH key with "PuTTY Key Generator". Make sure to backup the key.
-- Load your [private key](../ssh-keys.html) file with *Load* button.
+- Load your [private key](../ssh-keys.md) file with *Load* button.
- Enter your current passphrase.
- Change key passphrase.
- Confirm key passphrase.
@@ -48,4 +48,4 @@ You can generate an additional public/private key pair and insert public key in
- Now you can insert additional public key into authorized_keys file for authentication with your own private key.
- You must log in using ssh key received after registration. Then proceed to [How to add your own key](../ssh-keys.html).
+ You must log in using ssh key received after registration. Then proceed to [How to add your own key](../ssh-keys.md).
diff --git a/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/shell-access-and-data-transfer/ssh-keys.md b/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/shell-access-and-data-transfer/ssh-keys.md
index 05c455e9..1057f773 100644
--- a/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/shell-access-and-data-transfer/ssh-keys.md
+++ b/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/shell-access-and-data-transfer/ssh-keys.md
@@ -108,5 +108,4 @@ In this example, we add an additional public key, stored in file additional_key.
### How to remove your own key
-Removing your key from authorized_keys can be done simply by deleting the corresponding public key which can be identified by a comment at the end of line (eg. username@organization.example.com).
-
+Removing your key from authorized_keys can be done simply by deleting the corresponding public key which can be identified by a comment at the end of line (eg. username@organization.example.com).
\ No newline at end of file
diff --git a/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/shell-access-and-data-transfer/vpn-connection-fail-in-win-8.1.md b/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/shell-access-and-data-transfer/vpn-connection-fail-in-win-8.1.md
index 89170271..84f67742 100644
--- a/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/shell-access-and-data-transfer/vpn-connection-fail-in-win-8.1.md
+++ b/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/shell-access-and-data-transfer/vpn-connection-fail-in-win-8.1.md
@@ -1,4 +1,4 @@
-VPN - Connection fail in Win 8.1
+VPN - Connection fail in Win 8.1
================================
**Failed to initialize connection subsystem Win 8.1 - 02-10-15 MS patch**
diff --git a/docs.it4i/get-started-with-it4innovations/applying-for-resources.md b/docs.it4i/get-started-with-it4innovations/applying-for-resources.md
index f29bdf17..e66d7a57 100644
--- a/docs.it4i/get-started-with-it4innovations/applying-for-resources.md
+++ b/docs.it4i/get-started-with-it4innovations/applying-for-resources.md
@@ -9,7 +9,4 @@ Anyone is welcomed to apply via the [Directors Discretion.](http://www.it4i.cz/o
Foreign (mostly European) users can obtain computational resources via the [PRACE (DECI) program](http://www.prace-ri.eu/DECI-Projects).
-In all cases, IT4Innovations’ access mechanisms are aimed at distributing computational resources while taking into account the development and application of supercomputing methods and their benefits and usefulness for society. The applicants are expected to submit a proposal. In the proposal, the applicants **apply for a particular amount of core-hours** of computational resources. The requested core-hours should be substantiated by scientific excellence of the
-proposal, its computational maturity and expected impacts. Proposals do undergo a scientific, technical and economic
-evaluation. The allocation decisions are based on this
-evaluation. More information at [Computing resources allocation](http://www.it4i.cz/computing-resources-allocation/?lang=en) and [Obtaining Login Credentials](obtaining-login-credentials.html) page.
+In all cases, IT4Innovations’ access mechanisms are aimed at distributing computational resources while taking into account the development and application of supercomputing methods and their benefits and usefulness for society. The applicants are expected to submit a proposal. In the proposal, the applicants **apply for a particular amount of core-hours** of computational resources. The requested core-hours should be substantiated by scientific excellence of the proposal, its computational maturity and expected impacts. Proposals do undergo a scientific, technical and economic evaluation. The allocation decisions are based on this evaluation. More information at [Computing resources allocation](http://www.it4i.cz/computing-resources-allocation/?lang=en) and [Obtaining Login Credentials](obtaining-login-credentials.md) page.
\ No newline at end of file
diff --git a/docs.it4i/get-started-with-it4innovations/obtaining-login-credentials/certificates-faq.md b/docs.it4i/get-started-with-it4innovations/obtaining-login-credentials/certificates-faq.md
index 524ef4e3..a3b157f6 100644
--- a/docs.it4i/get-started-with-it4innovations/obtaining-login-credentials/certificates-faq.md
+++ b/docs.it4i/get-started-with-it4innovations/obtaining-login-credentials/certificates-faq.md
@@ -1,304 +1,161 @@
-Certificates FAQ
+Certificates FAQ
================
FAQ about certificates in general
-
-
Q: What are certificates?
-------------------------
-IT4Innovations employs X.509 certificates for secure communication (e.
-g. credentials exchange) and for grid services related to PRACE, as they
-present a single method of authentication for all PRACE services, where
-only one password is required.
+IT4Innovations employs X.509 certificates for secure communication (e. g. credentials exchange) and for grid services related to PRACE, as they present a single method of authentication for all PRACE services, where only one password is required.
-There are different kinds of certificates, each with a different scope
-of use. We mention here:
+There are different kinds of certificates, each with a different scope of use. We mention here:
- User (Private) certificates
-
- Certificate Authority (CA) certificates
-
- Host certificates
-
- Service certificates
-Â
-
-**However, users need only manage User and CA certificates. Note that your
-user certificate is protected by an associated private key, and this
-private key must never be disclosed**.
+**However, users need only manage User and CA certificates. Note that your user certificate is protected by an associated private key, and this private key must never be disclosed**.
Q: Which X.509 certificates are recognised by IT4Innovations?
-------------------------------------------------------------
-
-Any certificate that has been issued by a Certification Authority (CA)
-from a member of the IGTF ([http:www.igtf.net](http://www.igtf.net/)) is
-recognised by IT4Innovations: European certificates are issued by
-members of the EUGridPMA
-([https://www.eugridmpa.org](https://www.eugridpma.org/)), which is part
-of the IGTF and coordinates the trust fabric for e-Science Grid
-authentication within Europe. Further the Czech *"Qualified certificate"
-(Kvalifikovaný certifikát)* (provided by <http://www.postsignum.cz/> or
-<http://www.ica.cz/Kvalifikovany-certifikat.aspx>), that is used in
-electronic contact with Czech public authorities is accepted.
+Any certificate that has been issued by a Certification Authority (CA) from a member of the IGTF ([http:www.igtf.net](http://www.igtf.net/)) is recognised by IT4Innovations: European certificates are issued by members of the EUGridPMA ([https://www.eugridmpa.org](https://www.eugridpma.org/)), which is part if the IGTF and coordinates the trust fabric for e-Science Grid authentication within Europe. Further the Czech *"Qualified certificate" (Kvalifikovaný certifikát)* (provided by <http://www.postsignum.cz/> or <http://www.ica.cz/Kvalifikovany-certifikat.aspx>), that is used in electronic contact with Czech public authorities is accepted.
Q: How do I get a User Certificate that can be used with IT4Innovations?
------------------------------------------------------------------------
+To get a certificate, you must make a request to your local, IGTF approved, Certificate Authority (CA). Usually you then must visit, in person, your nearest Registration Authority (RA) to verify your affiliation and identity (photo identification is required). Usually, you will then be emailed details on how to retrieve your certificate, although procedures can vary between CAs. If you are in Europe, you can locate your trusted CA via <http://www.eugridpma.org/members/worldmap>.
-To get a certificate, you must make a request to your local, IGTF
-approved, Certificate Authority (CA). Usually you then must visit, in
-person, your nearest Registration Authority (RA) to verify your
-affiliation and identity (photo identification is required). Usually,
-you will then be emailed details on how to retrieve your certificate,
-although procedures can vary between CAs. If you are in Europe, you can
-locate your trusted CA via <http://www.eugridpma.org/members/worldmap>.
-
-In some countries certificates can also be retrieved using the TERENA
-Certificate Service, see the FAQ below for the link.
+In some countries certificates can also be retrieved using the TERENA Certificate Service, see the FAQ below for the link.
Q: Does IT4Innovations support short lived certificates (SLCS)?
---------------------------------------------------------------
-
-Yes, provided that the CA which provides this service is also a member
-of IGTF.
+Yes, provided that the CA which provides this service is also a member of IGTF.
Q: Does IT4Innovations support the TERENA certificate service?
--------------------------------------------------------------
-
-Yes, ITInnovations supports TERENA eScience personal certificates. For
-more information, please visit
-[https://tcs-escience-portal.terena.org](https://tcs-escience-portal.terena.org/){.spip_url
-.spip_out}, where you also can find if your organisation/country can use
-this service
+ Yes, ITInnovations supports TERENA eScience personal certificates. For more information, please visit [https://tcs-escience-portal.terena.org](https://tcs-escience-portal.terena.org/), where you also can find if your organisation/country can use this service
Q: What format should my certificate take?
------------------------------------------
+User Certificates come in many formats, the three most common being the ’PKCS12’, ’PEM’ and the JKS formats.
-User Certificates come in many formats, the three most common being the
-’PKCS12’, ’PEM’ and the JKS formats.
+The PKCS12 (often abbreviated to ’p12’) format stores your user certificate, along with your associated private key, in a single file. This form of your certificate is typically employed by web browsers, mail clients, and grid services like UNICORE, DART, gsissh-term and Globus toolkit (GSI-SSH, GridFTP and GRAM5).
-The PKCS12 (often abbreviated to ’p12’) format stores your user
-certificate, along with your associated private key, in a single file.
-This form of your certificate is typically employed by web browsers,
-mail clients, and grid services like UNICORE, DART, gsissh-term and
-Globus toolkit (GSI-SSH, GridFTP and GRAM5).
+The PEM format (*.pem) stores your user certificate and your associated private key in two separate files. This form of your certificate can be used by PRACE’s gsissh-term and with the grid related services like Globus toolkit (GSI-SSH, GridFTP and GRAM5).
-The PEM format (*.pem) stores your user certificate and your associated
-private key in two separate files. This form of your certificate can be
-used by PRACE’s gsissh-term and with the grid related services like
-Globus toolkit (GSI-SSH, GridFTP and GRAM5).
+To convert your Certificate from PEM to p12 formats, and *vice versa*, IT4Innovations recommends using the openssl tool (see separate FAQ entry).
-To convert your Certificate from PEM to p12 formats, and *vice versa*,
-IT4Innovations recommends using the openssl tool (see separate FAQ
-entry).
+JKS is the Java KeyStore and may contain both your personal certificate with your private key and a list of your trusted CA certificates. This form of your certificate can be used by grid services like DART and UNICORE6.
-JKS is the Java KeyStore and may contain both your personal certificate
-with your private key and a list of your trusted CA certificates. This
-form of your certificate can be used by grid services like DART and
-UNICORE6.
-
-To convert your Certificate from p12 to JKS, IT4Innovations recommends
-using the keytool utiliy (see separate FAQ entry).
+To convert your Certificate from p12 to JKS, IT4Innovations recommends using the keytool utiliy (see separate FAQ entry).
Q: What are CA certificates?
----------------------------
+Certification Authority (CA) certificates are used to verify the link between your user certificate and the authority which issued it. They are also used to verify the link between the host certificate of a IT4Innovations server and the CA which issued that certificate. In essence they establish a chain of trust between you and the target server. Thus, for some grid services, users must have a copy of all the CA certificates.
+
+To assist users, SURFsara (a member of PRACE) provides a complete and up-to-date bundle of all the CA certificates that any PRACE user (or IT4Innovations grid services user) will require. Bundle of certificates, in either p12, PEM or JKS formats, are available from <http://winnetou.sara.nl/prace/certs/>.
-Certification Authority (CA) certificates are used to verify the link
-between your user certificate and the authority which issued it. They
-are also used to verify the link between the host certificate of a
-IT4Innovations server and the CA which issued that certificate. In
-essence they establish a chain of trust between you and the target
-server. Thus, for some grid services, users must have a copy of all the
-CA certificates.
-
-To assist users, SURFsara (a member of PRACE) provides a complete and
-up-to-date bundle of all the CA certificates that any PRACE user (or
-IT4Innovations grid services user) will require. Bundle of certificates,
-in either p12, PEM or JKS formats, are available from
-<http://winnetou.sara.nl/prace/certs/>.
-
-It is worth noting that gsissh-term and DART automatically updates their
-CA certificates from this SURFsara website. In other cases, if you
-receive a warning that a server’s certificate can not be validated (not
-trusted), then please update your CA certificates via the SURFsara
-website. If this fails, then please contact the IT4Innovations helpdesk.
-
-Lastly, if you need the CA certificates for a personal Globus 5
-installation, then you can install the CA certificates from a MyProxy
-server with the following command.
+It is worth noting that gsissh-term and DART automatically updates their CA certificates from this SURFsara website. In other cases, if you receive a warning that a server’s certificate can not be validated (not trusted), then please update your CA certificates via the SURFsara website. If this fails, then please contact the IT4Innovations helpdesk.
+Lastly, if you need the CA certificates for a personal Globus 5 installation, then you can install the CA certificates from a MyProxy server with the following command.
+
+```bash
myproxy-get-trustroots -s myproxy-prace.lrz.de
+```
-If you run this command as ’root’, then it will install the certificates
-into /etc/grid-security/certificates. If you run this not as ’root’,
-then the certificates will be installed into
-$HOME/.globus/certificates. For Globus, you can download the
-globuscerts.tar.gz packet from <http://winnetou.sara.nl/prace/certs/>.
+If you run this command as ’root’, then it will install the certificates into /etc/grid-security/certificates. If you run this not as ’root’, then the certificates will be installed into $HOME/.globus/certificates. For Globus, you can download the globuscerts.tar.gz packet from <http://winnetou.sara.nl/prace/certs/>.
Q: What is a DN and how do I find mine?
---------------------------------------
+DN stands for Distinguished Name and is part of your user certificate. IT4Innovations needs to know your DN to enable your account to use the grid services. You may use openssl (see below) to determine your DN or, if your browser contains your user certificate, you can extract your DN from your browser.
-DN stands for Distinguished Name and is part of your user certificate.
-IT4Innovations needs to know your DN to enable your account to use the
-grid services. You may use openssl (see below) to determine your DN or,
-if your browser contains your user certificate, you can extract your DN
-from your browser.
-
-For Internet Explorer users, the DN is referred to as the "subject" of
-your certificate. Tools->Internet
-Options->Content->Certificates->View->Details->Subject.
+For Internet Explorer users, the DN is referred to as the "subject" of your certificate. Tools->Internet Options->Content->Certificates->View->Details->Subject.
-For users running Firefox under Windows, the DN is referred to as the
-"subject" of your certificate.
-Tools->Options->Advanced->Encryption->View Certificates.
-Highlight your name and then Click View->Details->Subject.
+For users running Firefox under Windows, the DN is referred to as the "subject" of your certificate. Tools->Options->Advanced->Encryption->View Certificates. Highlight your name and then Click View->Details->Subject.
Q: How do I use the openssl tool?
---------------------------------
-
The following examples are for Unix/Linux operating systems only.
To convert from PEM to p12, enter the following command:
+```bash
openssl pkcs12 -export -in usercert.pem -inkey userkey.pem -out
username.p12
+```
To convert from p12 to PEM, type the following *four* commands:
+```bash
openssl pkcs12 -in username.p12 -out usercert.pem -clcerts -nokeys
openssl pkcs12 -in username.p12 -out userkey.pem -nocerts
chmod 444 usercert.pem
chmod 400 userkey.pem
+```
To check your Distinguished Name (DN), enter the following command:
+```bash
openssl x509 -in usercert.pem -noout -subject -nameopt
RFC2253
+```
-To check your certificate (e.g., DN, validity, issuer, public key
-algorithm, etc.), enter the following command:
+To check your certificate (e.g., DN, validity, issuer, public key algorithm, etc.), enter the following command:
+```bash
openssl x509 -in usercert.pem -text -noout
+```
-To download openssl for both Linux and Windows, please visit
-<http://www.openssl.org/related/binaries.html>. On Macintosh Mac OS X
-computers openssl is already pre-installed and can be used immediately.
+To download openssl for both Linux and Windows, please visit <http://www.openssl.org/related/binaries.html>. On Macintosh Mac OS X computers openssl is already pre-installed and can be used immediately.
Q: How do I create and then manage a keystore?
----------------------------------------------
+IT4innovations recommends the java based keytool utility to create and manage keystores, which themselves are stores of keys and certificates. For example if you want to convert your pkcs12 formatted key pair into a java keystore you can use the following command.
-IT4innovations recommends the java based keytool utility to create and
-manage keystores, which themselves are stores of keys and certificates.
-For example if you want to convert your pkcs12 formatted key pair into a
-java keystore you can use the following command.
-
+```bash
keytool -importkeystore -srckeystore $my_p12_cert -destkeystore
$my_keystore -srcstoretype pkcs12 -deststoretype jks -alias
$my_nickname -destalias $my_nickname
+```
-where $my_p12_cert is the name of your p12 (pkcs12) certificate,
-$my_keystore is the name that you give to your new java keystore and
-$my_nickname is the alias name that the p12 certificate was given and
-is used also for the new keystore.
+where $my_p12_cert is the name of your p12 (pkcs12) certificate, $my_keystore is the name that you give to your new java keystore and $my_nickname is the alias name that the p12 certificate was given and is used also for the new keystore.
-You also can import CA certificates into your java keystore with the
-tool, e.g.:
+You also can import CA certificates into your java keystore with the tool, e.g.:
+```bash
keytool -import -trustcacerts -alias $mydomain -file $mydomain.crt -keystore $my_keystore
+```
-where $mydomain.crt is the certificate of a trusted signing authority
-(CA) and $mydomain is the alias name that you give to the entry.
+where $mydomain.crt is the certificate of a trusted signing authority (CA) and $mydomain is the alias name that you give to the entry.
-More information on the tool can be found
-at:<http://docs.oracle.com/javase/7/docs/technotes/tools/solaris/keytool.html>
+More information on the tool can be found at:<http://docs.oracle.com/javase/7/docs/technotes/tools/solaris/keytool.html>
Q: How do I use my certificate to access the different grid Services?
---------------------------------------------------------------------
+Most grid services require the use of your certificate; however, the format of your certificate depends on the grid Service you wish to employ.
+
+If employing the PRACE version of GSISSH-term (also a Java Web Start Application), you may use either the PEM or p12 formats. Note that this service automatically installs up-to-date PRACE CA certificates.
-Most grid services require the use of your certificate; however, the
-format of your certificate depends on the grid Service you wish to
-employ.
-
-If employing the PRACE version of GSISSH-term (also a Java Web Start
-Application), you may use either the PEM or p12 formats. Note that this
-service automatically installs up-to-date PRACE CA certificates.
-
-If the grid service is UNICORE, then you bind your certificate, in
-either the p12 format or JKS, to UNICORE during the installation of the
-client on your local machine. For more information, please visit
-[UNICORE6 in PRACE](http://www.prace-ri.eu/UNICORE6-in-PRACE)
-
-If the grid service is part of Globus, such as GSI-SSH, GriFTP or GRAM5,
-then the certificates can be in either p12 or PEM format and must reside
-in the "$HOME/.globus" directory for Linux and Mac users or
-%HOMEPATH%.globus for Windows users. (Windows users will have to use
-the DOS command ’cmd’ to create a directory which starts with a ’.’).
-Further, user certificates should be named either "usercred.p12" or
-"usercert.pem" and "userkey.pem", and the CA certificates must be kept
-in a pre-specified directory as follows. For Linux and Mac users, this
-directory is either $HOME/.globus/certificates or
-/etc/grid-security/certificates. For Windows users, this directory is
-%HOMEPATH%.globuscertificates. (If you are using GSISSH-Term from
-prace-ri.eu then you do not have to create the .globus directory nor
-install CA certificates to use this tool alone).
+If the grid service is UNICORE, then you bind your certificate, in either the p12 format or JKS, to UNICORE during the installation of the client on your local machine. For more information, please visit [UNICORE6 in PRACE](http://www.prace-ri.eu/UNICORE6-in-PRACE)
+
+If the grid service is part of Globus, such as GSI-SSH, GriFTP or GRAM5, then the certificates can be in either p12 or PEM format and must reside in the "$HOME/.globus" directory for Linux and Mac users or %HOMEPATH%.globus for Windows users. (Windows users will have to use the DOS command ’cmd’ to create a directory which starts with a ’.’). Further, user certificates should be named either "usercred.p12" or "usercert.pem" and "userkey.pem", and the CA certificates must be kept in a pre-specified directory as follows. For Linux and Mac users, this directory is either $HOME/.globus/certificates or /etc/grid-security/certificates. For Windows users, this directory is %HOMEPATH%.globuscertificates. (If you are using GSISSH-Term from prace-ri.eu then you do not have to create the .globus directory nor install CA certificates to use this tool alone).
Q: How do I manually import my certificate into my browser?
-----------------------------------------------------------
+If you employ the Firefox browser, then you can import your certificate by first choosing the "Preferences" window. For Windows, this is Tools->Options. For Linux, this is Edit->Preferences. For Mac, this is Firefox->Preferences. Then, choose the "Advanced" button; followed by the "Encryption" tab. Then, choose the "Certificates" panel; select the option "Select one automatically" if you have only one certificate, or "Ask me every time" if you have more then one. Then click on the "View Certificates" button to open the "Certificate Manager" window. You can then select the "Your Certificates" tab and click on button "Import". Then locate the PKCS12 (.p12) certificate you wish to import, and employ its associated password.
+
+If you are a Safari user, then simply open the "Keychain Access" application and follow "File->Import items".
-If you employ the Firefox browser, then you can import your certificate
-by first choosing the "Preferences" window. For Windows, this is
-Tools->Options. For Linux, this is Edit->Preferences. For Mac,
-this is Firefox->Preferences. Then, choose the "Advanced" button;
-followed by the "Encryption" tab. Then, choose the "Certificates" panel;
-select the option "Select one automatically" if you have only one
-certificate, or "Ask me every time" if you have more then one. Then
-click on the "View Certificates" button to open the "Certificate
-Manager" window. You can then select the "Your Certificates" tab and
-click on button "Import". Then locate the PKCS12 (.p12) certificate you
-wish to import, and employ its associated password.
-
-If you are a Safari user, then simply open the "Keychain Access"
-application and follow "File->Import items".
-
-If you are an Internet Explorer user, click
-Start->Settings->Control Panel and then double-click on Internet.
-On the Content tab, click Personal, and then click Import. In the
-Password box, type your password. NB you may be prompted multiple times
-for your password. In the "Certificate File To Import" box, type the
-filename of the certificate you wish to import, and then click OK. Click
-Close, and then click OK.
+If you are an Internet Explorer user, click Start->Settings->Control Panel and then double-click on Internet. On the Content tab, click Personal, and then click Import. In the Password box, type your password. NB you may be prompted multiple times for your password. In the "Certificate File To Import" box, type the filename of the certificate you wish to import, and then click OK. Click Close, and then click OK.
Q: What is a proxy certificate?
-------------------------------
-
-A proxy certificate is a short-lived certificate which may be employed
-by UNICORE and the Globus services. The proxy certificate consists of a
-new user certificate and a newly generated proxy private key. This proxy
-typically has a rather short lifetime (normally 12 hours) and often only
-allows a limited delegation of rights. Its default location, for
-Unix/Linux, is /tmp/x509_u*uid* but can be set via the
-$X509_USER_PROXY environment variable.
+A proxy certificate is a short-lived certificate which may be employed by UNICORE and the Globus services. The proxy certificate consists of a new user certificate and a newly generated proxy private key. This proxy typically has a rather short lifetime (normally 12 hours) and often only allows a limited delegation of rights. Its default location, for Unix/Linux, is /tmp/x509_u*uid* but can be set via the $X509_USER_PROXY environment variable.
Q: What is the MyProxy service?
-------------------------------
-
-[The MyProxy Service](http://grid.ncsa.illinois.edu/myproxy/)
-, can be employed by gsissh-term and Globus tools, and is
-an online repository that allows users to store long lived proxy
-certificates remotely, which can then be retrieved for use at a later
-date. Each proxy is protected by a password provided by the user at the
-time of storage. This is beneficial to Globus users as they do not have
-to carry their private keys and certificates when travelling; nor do
-users have to install private keys and certificates on possibly insecure
-computers.
+[The MyProxy Service](http://grid.ncsa.illinois.edu/myproxy/) , can be employed by gsissh-term and Globus tools, and is an online repository that allows users to store long lived proxy certificates remotely, which can then be retrieved for use at a later date. Each proxy is protected by a password provided by the user at the time of storage. This is beneficial to Globus users as they do not have to carry their private keys and certificates when travelling; nor do users have to install private keys and certificates on possibly insecure computers.
Q: Someone may have copied or had access to the private key of my certificate either in a separate file or in the browser. What should I do?
---------------------------------------------------------------------------------------------------------------------------------------------
-
-Please ask the CA that issued your certificate to revoke this certifcate
-and to supply you with a new one. In addition, please report this to
-IT4Innovations by contacting [the support
-team](https://support.it4i.cz/rt).
+Please ask the CA that issued your certificate to revoke this certifcate and to supply you with a new one. In addition, please report this to IT4Innovations by contacting [the support team](https://support.it4i.cz/rt).
\ No newline at end of file
diff --git a/docs.it4i/get-started-with-it4innovations/obtaining-login-credentials/obtaining-login-credentials.md b/docs.it4i/get-started-with-it4innovations/obtaining-login-credentials/obtaining-login-credentials.md
index 3cbe8e75..c10c1392 100644
--- a/docs.it4i/get-started-with-it4innovations/obtaining-login-credentials/obtaining-login-credentials.md
+++ b/docs.it4i/get-started-with-it4innovations/obtaining-login-credentials/obtaining-login-credentials.md
@@ -1,73 +1,40 @@
-Obtaining Login Credentials
+Obtaining Login Credentials
===========================
-
-
Obtaining Authorization
-----------------------
-
-The computational resources of IT4I Â are allocated by the Allocation
-Committee to a [Project](../introduction.html),
-investigated by a Primary Investigator. By allocating the computational
-resources, the Allocation Committee is authorizing the PI to access and
-use the clusters. The PI may decide to authorize a number of her/his
-Collaborators to access and use the clusters, to consume the resources
-allocated to her/his Project. These collaborators will be associated to
-the Project. The Figure below is depicting the authorization chain:
+The computational resources of IT4I  are allocated by the Allocation Committee to a [Project](../introduction.md), investigated by a Primary Investigator. By allocating the computational resources, the Allocation Committee is authorizing the PI to access and use the clusters. The PI may decide to authorize a number of her/his Collaborators to access and use the clusters, to consume the resources allocated to her/his Project. These collaborators will be associated to the Project. The Figure below is depicting the authorization chain:
-Â You need to either [become the
-PI](../applying-for-resources.html) or [be named as a
-collaborator](obtaining-login-credentials.html#authorization-of-collaborator-by-pi)
-by a PI in order to access and use the clusters.
+You need to either [become the PI](../applying-for-resources.md) or [be named as a collaborator](obtaining-login-credentials.md#authorization-of-collaborator-by-pi) by a PI in order to access and use the clusters.
-Head of Supercomputing Services acts as a PI of a project DD-13-5.
-Joining this project, you may **access and explore the clusters**, use
-software, development environment and computers via the qexp and qfree
-queues. You may use these resources for own education/research, no
-paperwork is required. All IT4I employees may contact the Head of
-Supercomputing Services in order to obtain **free access to the
-clusters**.
+Head of Supercomputing Services acts as a PI of a project DD-13-5. Joining this project, you may **access and explore the clusters**, use software, development environment and computers via the qexp and qfree queues. You may use these resources for own education/research, no paperwork is required. All IT4I employees may contact the Head of Supercomputing Services in order to obtain **free access to the clusters**.
### Authorization of PI by Allocation Committee
-The PI is authorized to use the clusters by the allocation decision
-issued by the Allocation Committee.The PI will be informed by IT4I about
-the Allocation Committee decision.
+The PI is authorized to use the clusters by the allocation decision issued by the Allocation Committee.The PI will be informed by IT4I about the Allocation Committee decision.
### Authorization by web
-This is a preferred way of granting access to project resources.
-Please, use this method whenever it's possible.
+This is a preferred way of granting access to project resources. Please, use this method whenever it's possible.
-Log in to the [IT4I Extranet
-portal](https://extranet.it4i.cz) using IT4I credentials
-and go to the **Projects** section.
+Log in to the [IT4I Extranet portal](https://extranet.it4i.cz) using IT4I credentials and go to the **Projects** section.
-- **Users:** Please, submit your requests for becoming a
- project member.
-- **Primary Investigators:** Please, approve or deny users' requests
- in the same section.
+- **Users:** Please, submit your requests for becoming a project member.
+- **Primary Investigators:** Please, approve or deny users' requests in the same section.
### Authorization by e-mail (an alternative approach)
-Â In order to authorize a Collaborator to utilize the allocated
-resources, the PI should contact the [IT4I
-support](https://support.it4i.cz/rt/) (E-mail: [support
-[at] it4i.cz](mailto:support%20%5Bat%5D%20it4i.cz)) and provide
-following information:
+Â In order to authorize a Collaborator to utilize the allocated resources, the PI should contact the [IT4I support](https://support.it4i.cz/rt/) (E-mail: [support [at] it4i.cz](mailto:support%20%5Bat%5D%20it4i.cz)) and provide following information:
1. Identify your project by project ID
-2. Provide list of people, including himself, who are authorized to use
- the resources allocated to the project. The list must include full
- name, e-mail and affiliation. Provide usernames as well, ifÂ
- collaborator login access already exists on the IT4I systems.
+2. Provide list of people, including himself, who are authorized to use the resources allocated to the project. The list must include full name, e-mail and affiliation. Provide usernames as well, if collaborator login access already exists on the IT4I systems.
3. Include "Authorization to IT4Innovations" into the subject line.
-Example (except the subject line which must be in English, you may use
-Czech or Slovak language for communication with us):
+Example (except the subject line which must be in English, you may use Czech or Slovak language for communication with us):
+```bash
Subject: Authorization to IT4Innovations
Dear support,
@@ -81,38 +48,25 @@ Czech or Slovak language for communication with us):
Thank you,
PI
(Digitally signed)
+```
-Should the above information be provided by e-mail, the e-mail **must
-be** digitally signed. Read more on [digital
-signatures](obtaining-login-credentials.html#the-certificates-for-digital-signatures)
-below.
+Should the above information be provided by e-mail, the e-mail **must be** digitally signed. Read more on [digital signatures](obtaining-login-credentials.md#the-certificates-for-digital-signatures) below.
The Login Credentials
-------------------------
-
-Once authorized by PI, every person (PI or Collaborator) wishing to
-access the clusters, should contact the [IT4I
-support](https://support.it4i.cz/rt/) (E-mail: [support
-[at] it4i.cz](mailto:support%20%5Bat%5D%20it4i.cz)) providing
-following information:
+Once authorized by PI, every person (PI or Collaborator) wishing to access the clusters, should contact the [IT4I support](https://support.it4i.cz/rt/) (E-mail: [support [at] it4i.cz](mailto:support%20%5Bat%5D%20it4i.cz)) providing following information:
1. Project ID
2. Full name and affiliation
-3. Statement that you have read and accepted the [Acceptable use policy
- document](http://www.it4i.cz/acceptable-use-policy.pdf) (AUP).
+3. Statement that you have read and accepted the [Acceptable use policy document](http://www.it4i.cz/acceptable-use-policy.pdf) (AUP).
4. Attach the AUP file.
-5. Your preferred username, max 8 characters long. The preferred
- username must associate your surname and name or be otherwise
- derived from it. Only alphanumeric sequences, dash and underscore
- signs are allowed.
-6. In case you choose [Alternative way to personal
- certificate](obtaining-login-credentials.html#alternative-way-of-getting-personal-certificate),
- a **scan of photo ID** (personal ID or passport or driver license)
- is required
-
-Example (except the subject line which must be in English, you may use
-Czech or Slovak language for communication with us):
+5. Your preferred username, max 8 characters long. The preferred username must associate your surname and name or be otherwise derived from it. Only alphanumeric sequences, dash and underscore signs are allowed.
+6. In case you choose [Alternative way to personal certificate](obtaining-login-credentials.md#alternative-way-of-getting-personal-certificate),
+ a **scan of photo ID** (personal ID or passport or driver license) is required
+Example (except the subject line which must be in English, you may use Czech or Slovak language for communication with us):
+
+```bash
Subject: Access to IT4Innovations
Dear support,
@@ -126,141 +80,85 @@ Czech or Slovak language for communication with us):
Thank you,
John Smith
(Digitally signed)
+```
-Should the above information be provided by e-mail, the e-mail **must
-be** digitally signed. To sign an e-mail, you need digital certificate.
-Read more on [digital
-signatures](obtaining-login-credentials.html#the-certificates-for-digital-signatures)
-below.
+Should the above information be provided by e-mail, the e-mail **must be** digitally signed. To sign an e-mail, you need digital certificate. Read more on [digital signatures](obtaining-login-credentials.md#the-certificates-for-digital-signatures) below.
-Digital signature allows us to confirm your identity in remote
-electronic communication and provides an encrypted channel to exchange
-sensitive information such as login credentials. After receiving your
-signed e-mail with the requested information, we will send you your
-login credentials (user name, key, passphrase and password) to access
-the IT4I systems.
+Digital signature allows us to confirm your identity in remote electronic communication and provides an encrypted channel to exchange sensitive information such as login credentials. After receiving your signed e-mail with the requested information, we will send you your login credentials (user name, key, passphrase and password) to access the IT4I systems.
-We accept certificates issued by any widely respected certification
-authority.
+We accept certificates issued by any widely respected certification authority.
-For various reasons we do not accept PGP keys.** Please, use only
-X.509 PKI certificates for communication with us.**
+For various reasons we do not accept PGP keys.** Please, use only X.509 PKI certificates for communication with us.**
-You will receive your personal login credentials by protected e-mail.
-The login credentials include:
+You will receive your personal login credentials by protected e-mail. The login credentials include:
1. username
2. ssh private key and private key passphrase
3. system password
-The clusters are accessed by the [private
-key](../accessing-the-clusters/shell-access-and-data-transfer/ssh-keys.html)
-and username.
-Username and password is used for login to the information systems
-listed on <http://support.it4i.cz/>.
+The clusters are accessed by the [private key](../accessing-the-clusters/ssh-keys.md) and username. Username and password is used for login to the information systems listed on <http://support.it4i.cz/>.
### Change Passphrase
On Linux, use
-`
+```bash
local $ ssh-keygen -f id_rsa -p
-`
+```
-On Windows, use [PuTTY Key
-Generator](../accessing-the-clusters/shell-access-and-data-transfer/putty/puttygen.html).
+On Windows, use [PuTTY Key Generator](../accessing-the-clusters/shell-access-and-data-transfer/puttygen.md).
### Change Password
-Change password in your user profile atÂ
-<https://extranet.it4i.cz/user/>
+Change password in your user profile at <https://extranet.it4i.cz/user/>
The Certificates for Digital Signatures
-------------------------------------------
-
-We accept personal certificates issued by any widely respected
-certification authority (CA). This includes certificates by CAs
-organized in International Grid Trust Federation
-(<http://www.igtf.net/>), its European branch EUGridPMA -
-<https://www.eugridpma.org/> and its member organizations, e.g. the
-CESNET certification authority - <https://tcs-p.cesnet.cz/confusa/>. The
-Czech *"Qualified certificate" (Kvalifikovaný certifikát)* (provided by
-<http://www.postsignum.cz/> or
-<http://www.ica.cz/Kvalifikovany-certifikat.aspx>), that is used in
-electronic contact with Czech authorities is accepted as well.
+We accept personal certificates issued by any widely respected certification authority (CA). This includes certificates by CAs organized in International Grid Trust Federation (<http://www.igtf.net/>), its European branch EUGridPMA - <https://www.eugridpma.org/> and its member organizations, e.g. the CESNET certification authority - <https://tcs-p.cesnet.cz/confusa/>. The Czech *"Qualified certificate" (Kvalifikovaný certifikát)* (provided by <http://www.postsignum.cz/> or <http://www.ica.cz/Kvalifikovany-certifikat.aspx>), that is used in electronic contact with Czech authorities is accepted as well.
Certificate generation process is well-described here:
-- [How to generate a personal TCS certificate in Mozilla Firefox web
- browser
- (in Czech)](http://idoc.vsb.cz/xwiki/wiki/infra/view/uzivatel/moz-cert-gen)
-
-Â
+- [How to generate a personal TCS certificate in Mozilla Firefox web browser (in Czech)](http://idoc.vsb.cz/xwiki/wiki/infra/view/uzivatel/moz-cert-gen)
-A FAQ about certificates can be found here: >[Certificates
-FAQ](certificates-faq.html).
+A FAQ about certificates can be found here: >[Certificates FAQ](certificates-faq.md).
Alternative Way to Personal Certificate
-------------------------------------------
-
-Follow these steps **only** if you can not obtain your certificate in a
-standard way.
-In case you choose this procedure, please attach a **scan of photo ID**
-(personal ID or passport or drivers license) when applying for [login
-credentials](obtaining-login-credentials.html#the-login-credentials).
+Follow these steps **only** if you can not obtain your certificate in a standard way. In case you choose this procedure, please attach a **scan of photo ID** (personal ID or passport or drivers license) when applying for [login credentials](obtaining-login-credentials.md#the-login-credentials).
1. Go to <https://www.cacert.org/>.
- If there's a security warning, just acknowledge it.
-
2. Click *Join*.
3. Fill in the form and submit it by the *Next* button.
- - Type in the e-mail address which you use for communication
- with us.
+ - Type in the e-mail address which you use for communication with us.
- Don't forget your chosen *Pass Phrase*.
-
4. You will receive an e-mail verification link. Follow it.
-5. After verifying, go to the CAcert's homepage and login using
- *Password Login*.
+5. After verifying, go to the CAcert's homepage and login using *Password Login*.
6. Go to *Client Certificates* -> *New*.
7. Tick *Add* for your e-mail address and click the *Next* button.
8. Click the *Create Certificate Request* button.
-9. You'll be redirected to a page from where you can download/install
- your certificate.
- - Simultaneously you'll get an e-mail with a link to
- the certificate.
+9. You'll be redirected to a page from where you can download/install your certificate.
+ - Simultaneously you'll get an e-mail with a link to the certificate.
Installation of the Certificate Into Your Mail Client
-----------------------------------------------------
-
The procedure is similar to the following guides:
- MS Outlook 2010
- - [How to Remove, Import, and Export Digital
- Certificates](http://support.microsoft.com/kb/179380)
- - [Importing a PKCS #12 certificate
- (in Czech)](http://idoc.vsb.cz/xwiki/wiki/infra/view/uzivatel/outl-cert-imp)
+ - [How to Remove, Import, and Export Digital certificates](http://support.microsoft.com/kb/179380)
+ - [Importing a PKCS #12 certificate (in Czech)](http://idoc.vsb.cz/xwiki/wiki/infra/view/uzivatel/outl-cert-imp)
- Mozilla Thudnerbird
- - [Installing an SMIME
- certificate](http://kb.mozillazine.org/Installing_an_SMIME_certificate)
- - [Importing a PKCS #12 certificate
- (in Czech)](http://idoc.vsb.cz/xwiki/wiki/infra/view/uzivatel/moz-cert-imp)
+ - [Installing an SMIME certificate](http://kb.mozillazine.org/Installing_an_SMIME_certificate)
+ - [Importing a PKCS #12 certificate (in Czech)](http://idoc.vsb.cz/xwiki/wiki/infra/view/uzivatel/moz-cert-imp)
End of User Account Lifecycle
-----------------------------
+User accounts are supported by membership in active Project(s) or by affiliation to IT4Innovations. User accounts, that loose the support (meaning, are not attached to an active project and are not affiliated with IT4I), will be deleted 1 year after the last project to which they were attached expires.
-User accounts are supported by membership in active Project(s) or by
-affiliation to IT4Innovations. User accounts, that loose the support
-(meaning, are not attached to an active project and are not affiliated
-with IT4I), will be deleted 1 year after the last project to which they
-were attached expires.
-
-User will get 3 automatically generated warning e-mail messages of the
-pending removal:.
+User will get 3 automatically generated warning e-mail messages of the pending removal:.
- First message will be sent 3 months before the removal
- Second message will be sent 1 month before the removal
- Third message will be sent 1 week before the removal.
-The messages will inform about the projected removal date and will
-challenge the user to migrate her/his data
-
+The messages will inform about the projected removal date and will challenge the user to migrate her/his data
\ No newline at end of file
--
GitLab