During the test-user certificate generation, arcctl test-ca will automatically add the issued certificate subject to the testCA.allowed-subjects file,
opening the job submission possiblity to the test-user transparently. the testCA.allowed-subjects can be found in your /etc/grid-security folder.
No other subject will be able to submit to your system before you change the authgroup settings in arc.conf,
which you will do once you configure ARC for production use.
You can test submission from the host running A-REX or from any other machine by following the instructions below.
To generate a test certificate/key and install it to standard location inside a local user’s home directory, run:
[root@server]# arcctl test-ca usercert --install-user user01
User certificate and key are installed to default /home/user01/.globus location for user user01.
Note
Replace user01 with the actual username you want to submit jobs by. While it is technically possible to submit jobs as the root user, we strongly discourage that.
To generate a test certificate/key for a remote client, two steps are needed.
First create a tar-ball containing usercert, ca-certs and setup script using the TestCA automatically setup on your ARC-CE server:
[root@server]# arcctl test-ca usercert -t
[2025-08-06 18:44:20,340] [ARCCTL.TestCA] [INFO] [53878] [Certificate and key for user Test User 80404674 are exported to usercert-Test-User-80404674.tar.gz]
[2025-08-06 18:44:20,341] [ARCCTL.TestCA] [INFO] [53878] [Printing usage instructions for tarball]
tar xzf usercert-Test-User-80404674.tar.gz
source arc-testca-usercert/setenv.sh
In addition it adds the newly created x509 user certificate subject in the file /etc/grid-security/testCA.allowed-subjects which will ensure that jobs and other requests issued by a user with this certificate is accepted.
Next copy the tar-ball over to your client machine by a method of your choice (e.g. scp), and run the two commands as per instructions above:
[user@client]$ tar -xzvf usercert-Test-User-80404674.tar.gz
[user@client]$ source arc-testca-usercert/setenv.sh
This sets up the necessary env vars and trust between the ARC-CE and ARC client machine.
Note
When you set up your production ready service later on, you will remove the test-CA related files, and configure authentication following instructions in Authorization, Mapping and Queue selection rules.