Belle II membership
In order to become a member of the Belle II collaboration refer to NewComers. After that, in order to access the Belle II collaborative services, which are hosted at DESY, you need an account. The procedure to obtain this account is described below. Please read this page carefully and also see the warnings on the right before you proceed.
The standard Belle II Registration procedure for official Belle II members is based on Grid user certificates. Step-by-step instructions to obtain and use Grid user certificates are in the lower part of this page. There are other possibilities though to register without a Grid user certificate. Please read ahead:
Belle II collaborators, who have (had) already a DESY account, may want to try out whether their account has already been enabled for Belle II by trying to log into bastion.desy.de. In case of problems please contact b2-registration-support_AT_belle2.org. See also the warnings on the right side of this page.
Belle II collaborators, who hold a Grid user certificates and are in the Belle II members list can go directly to the registration portal. Make sure the name fields are filled correctly (see warnings on this page on the right) and your e-mail address is consistent with the Belle II members list.
Alternatively, in particular for users who are not (yet) in the Belle II members list, a paper-based registration procedure is available.The two main steps of authentication ('Who are you?') and authorization ('Are you in Belle II?') have to be carried out manually. Therefore it will require more work from your side and from the administrators in your and our institute. Hence we would like to strongly encourage you again to go for the Grid user certificate based registration since you will need this certificate later on for accessing data and submitting jobs in the Belle II Grid anyway. See Belle II Paper-based Registration.
Students of Belle II who are not (yet) in the Belle II members list must use the Belle II Paper-based Registration. Make sure the form is signed by your institute representative!
B2TiP (non-Belle II) members of the Belle II theory platform (B2TiP) please refer to Belle II Registration for B2TiP Users. Belle II members should contact Phillip Urquijo and b2-registration-support_AT_belle2.org to become members of this special group.
External (non-Belle II) members who needed access please refer to Belle II Registration for External Users.
After your account has been created (it takes a few hours) you get further instructions by e-mail. Attention: Make sure those confirmation e-mails do not end up in SPAM filters! After that you have to change your initial password within the next 5 days on http://passwd.desy.de.
Computing ressources (NAF)
At the bottom of the request portal you are asked to agree to the 'Conditions of Use for Information-Processing Systems at DESY'. The underlying document regulates the legal side of the usage of computers at DESY. The document is rather old and will be consolidated. Some links target on local users and are therefore internal. The document contains links to pages which are not relevant for abroad users, such as the local work council 'http://www.desy.de/betriebsrat'.
You may find more answers in the (FAQ) section.
You have questions concerning your e-mail addresses? Please check Belle II E-mail Addresses .
Make sure all names are reasonable. The portal might take unreasonable entries from your Grid user certificate, e.g. numbers or e-mail addresses in the name fields. The order of given / family name might be different, e.g. in Asia. Please correct, if needed.
Also make sure your e-mail address is consistent with the one on the Belle II member list and if applicable in the VOMS server.
Please obey the here. In particular please do not use name or account as part of the password.
Users who have already a DESY account (even an expired one) may want to try out first if they can use the the account. If in doubt, contact b2-registration-support_AT_belle2.org . Please do not register via the portal!
On any rate, never register twice as long as you are not explicitly asked for.
Please be reminded that users are liable to the 'Conditions of Use for Information-Processing Systems at DESY' which everybody signed when requesting credentials. In particular Article 5 Users’ Rights and Duties, section f:
Users are obliged to ensure that no other persons gain knowledge of user passwords and to take care to ensure that no unauthorised persons gain access to the information-processing systems, this also includes protecting access by a password that must be kept secret and which meets the requirements for DESY passwords (“DESY- Passwortregeln”).
In essence: Keep your password private.
The Grid User Certificate based Registration Procedure
If you do not have your Grid user certificate, start from the section 1.
If you have already obtained your Grid user certificate but have not imported it into the browser, go to section 2.
If you have already imported your Grid user certificate into your browser but do not have belle VO membership yet, go to section 4.
If you have already joined the belle VO (=Virtual Organization), go to the section 5
1. Obtain a Grid certificate
If you have already obtained your Grid user certificate, go to the section 2.
You need to obtain a Grid user certificate from your local certification authority (CA).
The procedure may be different in each country. If you are not familiar with it, please ask someone who has already requested a Grid user certificate.
If you cannot find the proper Grid CA in your country in the table, please contact the Belle II computing coordinator (takanori.hara_AT_kek.jp)
The password you type in when requesting a Grid user certificate will be needed later. Since it is private, only you know it, please note it!
|Australia||/C=BM/CN=QuoVadis Grid ICA /OU=Issuing Certification Authority/O=QuoVadisLimited||https://rc.coepp.org.au/tutorial/grid|
/C=AT/O=AustrianGrid/OU=Certification Authority/CN=Certificate Issuer
|Canada||/C=CA/O=Grid/CN=Grid Canada Certificate Authority||http://www.gridcanada.ca/|
|China||/C=CN/O=HEP/CN=Institute of High Energy Physics Certification Authority|
|Czech Republic||/DC=cz/DC=cesnet-ca/O=CESNET CA/CN=CESNET CA 3|
/C=NL/O=TERENA/CN=TERENA eScience Personal CA
/DC=IN/DC=GARUDAINDIA/CN=Indian Grid Certification Authority
|Japan||/C=JP/O=KEK/OU=CRC/CN=KEK GRID Certificate Authority|
|Korea||/C=KR/O=KISTI/O=GRID/CN=KISTI Grid Certificate Authority||http://ca.gridcenter.or.kr|
|Malaysia||/DC=MY/DC=UPM/DC=MYIFAM/C=MY/O=MYIFAM/CN=Malaysian Identity Federation and Access Management||http://myifam.upm.my/|
|Poland||/C=PL/O=GRID/CN=Polish Grid CA||http://www.man.poznan.pl/plgrid-ca/|
|Russia||/C=RU/O=RDIG/CN=Russian Data-Intensive Grid CA||http://ca.grid.kiae.ru/RDIG/|
|Taiwan||/C=TW/O=AS/CN=Academia Sinica Grid Computing Certification Authority Mercury||http://ca.grid.sinica.edu.tw/|
|U.S.A.||/DC=com/DC=DigiCert-Grid/O=DigiCert Grid/CN=DigiCert Grid CA-1||http://oim.grid.iu.edu/oim/certificate|
2. After you obtained a Grid user certificate
Depending on the CA, you may get your Grid user certificate in one of the following formats;
- A pair of PEM files (e.g. usercert.pem and userkey.pem)
- A PKCS12 file (eg. MyCert.p12 or ca.cer)
- If the cert is sent to you by e-mail, copy the cert part to a file such as mycert.cer and import this into your browser
- The certificate is retrieved via the browser and is therefore then already in your web browser
In case your certificate is provided in PEM format, you need to convert it to PKCS12 format (e.g. KEK Grid CA case)
- log in KEKCC (work server) or some server which you can use "openssl" command.
- In your home directory, make a directory .globus (don't forget the full stop)
- Put the public part of your certificate (usually usercert.pem ) as ~/.globus/usercert.pem :
e.g. mv usercert.pem ~/.globus/usercert.pem
- Put the private part of the certificate (usually userkey.pem ) as ~/.globus/userkey.pem and make sure that the file is readable only by yourself and it is readonly :
e.g. mv usercert.pem ~/.globus/userkey.pem ; chmod 400 ~/.globus/userkey.pem
- Use OpenSSL to convert the certificate from PEM to PKCS12 format
openssl pkcs12 -export -in ~/.globus/usercert.pem -inkey ~/.globus/userkey.pem -out ~/usercert.p12 ; chmod 400 ~/usercert.p12
- Follow the section 3 to load the PKCS12 onto your web browser
In case your certificate is provided in PKCS12 format, follow section 3 to load it into you web browser
In case your certificate is already installed in your browser, follow section 4 to get your belle VO membership.
3. Load your certificate into the web browser
If you already have your certificate loaded into your web browser, you can skip this section.
You need to load your grid user certificate into your web browser if it is obtained in a file format and not automatically loaded onto the browser.
Now you must have your certificate in PKCS12 (.p12) format, you can import it into your web browser. The way to import it depends on the browser. This page can help you.
If you get your certificate from KEK GRID CA, please follow this instructions.
Some further information how to work with certificates can for example be found here.
4. Get the belle VO (Virtual Organization) membership
First, make your browser trust the KEK GRID CA:
- download the KEK GRID CA certificate file from KEK-Grid-CA.cer.
- Import the downloaded file KEK-Grid-CA.cer to your Web browser as a "Certificate Authority".
- The procedure is very much similar to loading your PKCS12 certificate, but select "Authorities" instead of "Your Certificates".
- Check the expiration date of the KEK GRID CA certificate installed on the browser. It should be 2025/11/25.
Then, go to the VOMS page: https://voms.cc.kek.jp:8443/voms/belle (NOT 'belle2.org')
- If you are new to VOMS, you should see the registration page
- Click Registration (Phase I) and fill out the form.
- You will receive an email - click the confirmation link.
- Fill out and submit the Phase II form.
- Your request will be approved by an administrator & you will receive an email.
- If you have already been registered in the belle VO in the past with the same DN, you should see your registered information.
- If your DN has changed with your new certificate, then you should first use the old certificate to visit the VOMS page, and add your new DN by clicking the button "Request new certificate".
If you cannot connect to the VOMS page, check if you can connect to http://voms.cc.kek.jp
If you cannot connect to the VOMS page with some security error (e.g. "Secure Connection Failed"), please verify that the KEK GRID CA certificate is installed to your browser as a Certificate Authority, and its expiration date is 2025/11/25. You may get more information if you need more help from the computing coordinator (email@example.com)
5. Apply for your DESY account
- Go to https://belle2-request.desy.de and fill out the form. It will ask you for some personal information in order to uniquely identify you. The personal data are stored in a secure internal database.
- Within one day you will get a confirmation e-mail that your account was created. You will be asked to change your password with 'passwd'. The new password is valid for confluence (wiki) and web pages as well!
- Your personal account can be used to access the Belle II collaborative tools at DESY, e.g. confluence (wiki).
- If you want to change your login shell from the default zsh, e.g. to bash or tcsh, contact firstname.lastname@example.org .
- In case you lose your password contact as well email@example.com .
- Unfortunately there is a VO 'belle2.org' which is obsolete. Please do NOT register with the VO 'ebbel2'org' but with 'belle' at https://voms.cc.kek.jp:8443/voms/belle .
- Errors such as "SSL_ERROR_HANDSHAKE_FAILURE_ALERT" indicate missing certificates in your browser. Please make sure that you have a valid Grid user certificate in your browser:
- Firefox: Preferences / Advanced / Certificates / View Certificates / Your Certificate