Sections

Deployment

Users

Administrators

Security

Grid Certificates

Grid Certificates

Much of the security in the Grid depends on the use of digital certificates. If you want to make use of Grid resources, one of your first actions should be to acquire a certificate. If you aren't familiar with the use of certificates you might want to look at these pages: There are two especially important things to be aware of before you apply for a certificate. One is that you need to import the CA root certificate into your browser; instructions for doing this are on the CA web site.

Secondly, you should realise that when you apply for a certificate the private key is generated locally in the browser and is kept there, and not transmitted to the CA. When the certificate request is approved you get an email with a URL from which you can obtain the certificate. To marry this with the private key you must use the same browser used to make the request, and the browser must not have been re-installed in the interim.

You may need to have some understanding of how your browser handles certificates, especially the way it deals with password protection of your private key. Unfortunately, browsers are all different so it's impossible to give general instructions. The CA website has some information for specific supported browsers.

You can request a certificate from the UK eScience Certification Authority (CA) by visiting http://www.grid-support.ac.uk/ca/ and following the instructions. The process usually takes a few days, although it can be longer as it needs actions from several people (including you!).

Note that you will need to specify your "RA" (Registration Authority), which basically corresponds to your home institute. Further documentation on the application process, and what to do with the certificate once you've got it, is available from the CA web pages - in particular you will generally need to export the certificate from your browser to a Linux User Interface machine (UI).

A note on certificate expiry

Certificates are valid for one year. They must be renewed annually. Note that you can only renew a certificate before it expires. If your certificate expires you must go through the process of requesting a new certificate. The CA will send you a reminder 30 days before your certificate expires, and another one 7 days before if you haven't renewed it by then. The reminder email contains instructions on how to renew the certificate.

Last modified Mon 19 February 2007 . View page history
Switch to HTTPS . Website Help . Print View . Built with GridSite 1.4.3
For more about GridPP please contact Neasan O'Neill