BgGrid - How to request a certificate
From EGEE-see Wiki
What is a Digital Certificate?
A digital certificate is your electronic identity for accessing the Grid. It is used in every authentication and authorization procedure, and it also ensures the confidentiality and integrity of the data you send over the network while you are working on the Grid. Digital Certificates are issued by accredited Certification Authorities (CAs). There exists a CA in every country.
Important! Please keep in mind that Digital Certificates are strictly personal. Do not share your certificate or your private keys, and do not give away your certificate password. If one of your colleagues or another member of your research team needs to access the Grid, he/she should apply for his/her own certificate. Failure to comply with the above is considered a violation of the policies under which your certificate was issued and may lead to revocation of the certificate by the issuing CA. In simple words, this means that you will be banned from the EGEE infrastructure (at least until a new Certificate is issued for you).
Requesting a certificate
The Bulgarian Academic Certification Authority has been established to serve the EGEE Bulgarian users. To obtain a Digital Certificate from the BG.ACAD CA, follow these steps:
Download the following script and then execute it on the machine that is meant to store your key pair. (Usually this should be the User Interface Node). Follow the onscreen instructions. This script will generate your private key and your certificate request file (CSR).
NOTE: As a general precaution you must not execute the script as root.
Put the certificate request file (it will have a name like people-Ivan_P._Dimitrov_-20070505-083333.pem) on removable storage media (a floppy disk, CD/DVD or a flash drive). Remember, we need ONLY this file on the removable storage media.
Important! The private key associated with your certificate should:
1. be stored in a file which is only readable by you
2. not be stored somewhere visible on the network (e.g. not in an NFS mounted directory)
3. be protected by a strong password. Help with choosing a secure password is available at http://security.web.cern.ch/security/passwords
4. never be shared with anybody else. For instance, when you take your CSR to the RA on a flash drive, do NOT put your private key (userkey.pem) on the flash drive together with the request.
Failure to observe the above rules will result in you being denied the issuance of a Certificate as well as denied access to LCG GRID resources!
Contact one of the Registration Authorities (RA) to make an appointment.
Meet the RA in person. You must bring with you:
1. a valid Identification Document - Identity Card or Driver's License
2. the declaration (official note) from your Institute/Employing Organization certifying that you are an employee of that organization.
3. the removable media on which you store your CSR. It will be copied by the RA and the removable media will be returned to you.
When you meet the RA, you will have to sign a declaration yourself that you have read the CP/CPS, so please make sure you have done so.
Within 5 working days BG.ACAD CA will issue your Digital Certificate and publish it in the online repository.
More instructions on how to actually make use of your own certificate can be found at http://ca.acad.bg/userguide.html
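The four private-key rules listed under "Requesting a certificate" (owner-only file, no network filesystem, password protection, key kept off the removable media) can be checked before you visit the RA. The shell functions below are an added example, not the BG.ACAD CA script and not part of the original page; the function names, the filesystem types listed besides NFS, and the reliance on a df that supports -T are assumptions.

```shell
#!/bin/sh
# Added example: audit a private key file against the four storage rules.
# Usage after sourcing: audit_key /path/to/userkey.pem [/path/to/media]

# Rule 1: owned by the caller, no group/other permission bits set.
key_mode_ok() {
    [ -O "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Rule 2: is this filesystem type network-backed? (list is an assumption)
is_network_fstype() {
    case "$1" in
        nfs|nfs4|cifs|smb3|afs|fuse.sshfs) return 0 ;;
        *) return 1 ;;
    esac
}

# Type of the filesystem holding a path; assumes a df that supports -T.
fstype_of() {
    df -PT "$1" 2>/dev/null | awk 'NR==2 {print $2}'
}

# Rule 3: PEM header marks the key as passphrase-protected
# (PKCS#8 or traditional OpenSSL form).
key_encrypted() {
    grep -Eq -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' \
             -e '^Proc-Type: 4,ENCRYPTED' "$1"
}

# Rule 4: no file on the removable media carries a private-key PEM header.
# Returns 2 when the directory is missing, so an unmounted path never passes.
media_has_no_key() {
    [ -d "$1" ] || return 2
    ! grep -rq -e 'PRIVATE KEY-----' "$1"
}

# Run every rule, print one line per violation, return the violation count.
audit_key() {
    key=$1; media=${2:-}; fails=0
    key_mode_ok "$key" || { echo "FAIL 1: $key not owner-only"; fails=$((fails + 1)); }
    if is_network_fstype "$(fstype_of "$(dirname "$key")")"; then
        echo "FAIL 2: $key is on a network filesystem"; fails=$((fails + 1))
    fi
    key_encrypted "$key" || { echo "FAIL 3: $key has no passphrase"; fails=$((fails + 1)); }
    if [ -n "$media" ] && ! media_has_no_key "$media"; then
        echo "FAIL 4: private key found under $media"; fails=$((fails + 1))
    fi
    return "$fails"
}
```

A return value of 0 from audit_key means no rule was violated; the header check in rule 3 confirms that a passphrase is set, not that it is strong.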
