Difference between revisions of "GridRootCertificates"

From GridPP Wiki
Jump to: navigation, search
 
(8 intermediate revisions by one user not shown)
Line 1: Line 1:
  
= Root Certificates used on the Grid =
+
= Certificate Authorities used by services on the Grid =
  
 
== Introduction ==
 
== Introduction ==
  
The Grid uses a number of Root Certificates which may not appear in a browser certificate bundle by default; if these root certificates are not added to the browser store (or keychain in the case of macOS), exceptions have to be made when accessing associated HTPS sites. The intention of this page is to gather links to commonly used CAs and give links to their root certificate information.
+
The Grid uses a number of services with certificates signed by a CA (Certificate Authority) which may not appear in a browser certificate bundle by default. If these root certificates are not added to the browser store (or keychain in the case of macOS), exceptions have to be made when accessing associated HTTPS sites.  
  
== UK CA ==
+
Below is a list of Grid services; in each case the name of the service is given along with the appropriate CA and a note as to whether you might expect it to be bundled with a web browser. To avoid duplication, we recommend visiting the [https://www.tacar.org/cert/list TACAR] (Trusted Academic Certification Authority Repository) website to retrieve the required CA.
  
http://www.ngs.ac.uk/ukca/certificates/cacerts.html
+
{| class="wikitable"
 
+
|-
== CERN ==
+
! scope="col"| Service
 
+
! scope="col"| CA
https://cafiles.cern.ch/cafiles/certificates/Grid.aspx
+
! scope="col"| Bundled
 
+
! scope="col"| TACARS
== DESY ==
+
! scope="col"| Notes
 
+
|-
https://www-ca.desy.de/certificates/index_eng.html
+
| https://goc.egi.eu
 +
| UK e-Science CA 2B
 +
| No
 +
| Yes*
 +
| * TACARS out of date: use http://ngs.ac.uk/ukca/certificates/cacerts.html
 +
|-
 +
| https://pakiti.egi.eu
 +
| CESNET CA 3
 +
| No
 +
| Yes
 +
|
 +
|}

Latest revision as of 10:21, 7 December 2017

Certificate Authorities used by services on the Grid

Introduction

The Grid uses a number of services with certificates signed by a CA (Certificate Authority) which may not appear in a browser certificate bundle by default. If these root certificates are not added to the browser store (or keychain in the case of macOS), exceptions have to be made when accessing associated HTTPS sites.

Below is a list of Grid services; in each case the name of the service is given along with the appropriate CA and a note as to whether you might expect it to be bundled with a web browser. To avoid duplication, we recommend visiting the TACAR (Trusted Academic Certification Authority Repository) website to retrieve the required CA.

Service CA Bundled TACARS Notes
https://goc.egi.eu UK e-Science CA 2B No Yes* * TACARS out of date: use http://ngs.ac.uk/ukca/certificates/cacerts.html
https://pakiti.egi.eu CESNET CA 3 No Yes