AEGIS - How to request a certificate

From EGEE-see Wiki


What is a Digital Certificate?

A digital certificate is your electronic identity to access the Grid. It is used in every authentication and authorization procedure and also ensures the confidentiality and integrity of your data sent on the net while you are working on the Grid. Digital Certificates are issued by accredited Certification Authorities (CAs). There exists a CA in every country.

Important! Please keep in mind that Digital Certificates are strictly personal. Do not share your certificate or your private keys, and do not give away your certificate password. If one of your colleagues or another member of your research team needs to access the Grid, he/she should apply for his/her own certificate. Failure to comply with the above is considered a violation of the policies under which your certificate was issued and may lead to revocation of the certificate by the issuing CA. In simple words, this means that you will be banned from the EGEE infrastructure (at least until a new Certificate is issued for you).

Requesting a certificate

The AEGIS Certification Authority was formed to provide Public Key Infrastructure (PKI) services for the Serbian Grid community. AEGIS users can request personal, host and service certificates. The AEGIS CA is operated by the University of Belgrade Computing Centre (RCUB).

In order to obtain an AEGIS certificate, you need to have a valid user account in one of the User Interface nodes (UI) of AEGIS to generate a certificate request.

You can use any SSH client to log in to a User Interface with your username. If you are using Windows, you can use any SSH-compatible terminal emulator. Once your login is successful, you need to issue the following command:

>grid-cert-request

Important note: In order to be able to execute this command /opt/globus/bin/ must be in your PATH.

Three files will be generated after this command is executed:


1. userkey.pem: contains the private key associated with the certificate. It must be kept readable only by the user requesting the certificate.

2. usercert-request.pem: contains the request for the user certificate.

3. usercert.pem: should be replaced by the actual certificate once you receive it signed.


You need to upload or send the certificate request file (usercert-request.pem) via e-mail to the CA manager using this link: http://aegis-ca.rcub.bg.ac.yu/reqest.html. Before your certificate is authorised, you will need to make a personal appearance to verify your identity. You will need a valid photo ID document or a passport. Instructions will be sent to you in a reply e-mail.
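Before sending the request, the three generated files can be checked with a short script. This is an added example, not part of the AEGIS or Globus tooling; the function names are hypothetical, and the directory holding the files is passed as an argument because the page does not say where grid-cert-request writes them.

```shell
#!/bin/sh
# Added example: sanity-check the three files produced by grid-cert-request.
# Assumption: the caller passes the directory that holds the files.

# True only if neither group nor others have any permission bit on the file.
key_is_private() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# True if the file contains a PEM-encoded certificate request.
is_cert_request() {
    grep -q -e '-----BEGIN CERTIFICATE REQUEST-----' "$1" 2>/dev/null
}

# True once usercert.pem has been replaced by the signed certificate.
has_signed_cert() {
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null
}

# Prints one line per finding; returns non-zero if anything needs fixing.
check_cert_dir() {
    dir=$1; rc=0
    if [ ! -f "$dir/userkey.pem" ]; then
        echo "FAIL userkey.pem: missing"; rc=1
    elif ! key_is_private "$dir/userkey.pem"; then
        echo "FAIL userkey.pem: accessible by group/others (fix: chmod 400)"; rc=1
    else
        echo "OK   userkey.pem: accessible only by its owner"
    fi
    if is_cert_request "$dir/usercert-request.pem"; then
        echo "OK   usercert-request.pem: ready to send to the CA"
    else
        echo "FAIL usercert-request.pem: no certificate request found"; rc=1
    fi
    if has_signed_cert "$dir/usercert.pem"; then
        echo "OK   usercert.pem: signed certificate installed"
    else
        echo "WAIT usercert.pem: still a placeholder, not yet signed"
    fi
    return $rc
}

# Demo on constructed files (placeholders only, no real key material).
demo=$(mktemp -d)
: > "$demo/userkey.pem"; chmod 644 "$demo/userkey.pem"
printf '%s\n' '-----BEGIN CERTIFICATE REQUEST-----' > "$demo/usercert-request.pem"
: > "$demo/usercert.pem"
check_cert_dir "$demo" || echo "=> fix the findings above before continuing"
rm -rf "$demo"
```

The demo deliberately creates a world-readable userkey.pem, so it reports a FAIL for the key and a WAIT for the not-yet-signed certificate.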
