Requesting a service certificate from DOEGrids:

It should be as simple as finding a system with a recent VDT/OSG installation, issuing the following command and answering a few easy questions (actually, some (all?) of the questions can have answers provided in the command, but I didn't look them all up):

cert-request --agree --ou s --service https --host www.star.bnl.gov -dir .

But of course that didn't work "out-of-the-box" on STAR's grid nodes for several reasons:

1. perl-Crypt-SSLeay is not installed on the stargrid nodes
2. The available perl installations and libraries on the stargrid nodes are a mix of 32-bit and 64-bit pieces.  Both the OSG setup and the STAR environment muck around with the perl installations and libraries such that things just don't work if both environments are setup.  (This may be especially true using RHEL 5.6 - perhaps back at RHEL 5.3 it wasn't so muddled?)
3. The cert-request command creates https outbound traffic, which needs to be sent through a BNL perimeter proxy, and it chokes on the standard https_proxy string (https_proxy=http://squid.sec.bnl.local:3128/) that is part of the RACF user environment on the stargrid nodes.  (It appears to choke on the trailing slash.  It only appears in my wbetts account (tcsh shell) but not in the root account.)

Solutions/work-arounds:

1. yum install perl-Crypt-SSLeay
2. setenv PATH /opt/star/rh56_x8664_gcc432/bin:$PATH
3. setenv https_proxy proxy.sec.bnl.local:3128

After that, the request seems to have gone through successfully.  cert-retrieve requires the same fixes to work.