OUT OF DATE: Replaced by end-user focused documentation here: http://www.grid.apac.edu.au/HowTo/grix

and the grix project homepage here: http://grix.vpac.org

GRIX - GRid Interface for X509 Certificate Management

We are currently developing a tool to make the process of requesting and installing a certificate easier. It is called "Grix" (GRid Interface for X509certificate management).

Requirements

Since the tool is written in Java, the latest Java 2 Runtime Environment, Standard Edition 1.5.0_07 (JRE) has to be installed on your computer. It is possible to run it with any version of Java >= 1.5.0, but we strongly recommend to use the latest version (1.5.0_07 at this point in time) to enable all features of Grix.

We also recommend to install the "Java Unlimited Strength Policy Files". Without them you won't be able to use certain features of Grix, like the export of browser certificates. For instructions how to install the policy files, take a look here.

If you don't have the permissions to install Java or the policy files on your machine ask your Systems Administrator to do it for you.

Important: If you encounter any problems, please take a look here for more information about the different versions Java and how they affect Grix.

Download and install

Here are the instructions how to install/start Grix: Installation

Using Grix

This is what you see when you first start Grix:

Creating a new certificate

You first need to send a request for the certificate. Click the "Create" button. The following window should pop-up:

Fill in your details and choose a passphrase. Then click "Create request".

Now Grix is creating a private key for you, encrypted with the passphrase you provided. The key is stored in the .globus folder in your home directrory. It is called userkey.pem. After that a certificate request is created which is saved to a file called usercert_request.pem in the same directory.

If everything went ok this window appears:

Grix is offering to upload the request to the Certificate Authority server. Click "Yes".

If you see the following window click "Yes" again.

If the upload was successful, you should see this message (If you are using Windows and you can't see the details page, click on the border of the window or resize it. After that the page should be rendered correctly. This is a bug.):

This means that your certificate request was sent to our server.

You now need to make an appointment to see an RAO in person. You need to take some photo ID of yourself (and if possible the serial number displayed in the details page from above).

Once your certificate request has been approved by the RAO and the Certificate Authority has processed your request, you should receive an e-mail informing you that it has been done. This e-mail should arrive within two days of putting in your request, if not, you may send an e-mail enquiring about your certificate request along with your serial number and Name to camanager@vpac.org.

After you received the email, start Grix (on the computer you requested the certificate from) again and click the "Check" button. If your certificate is ready for download this dialog pops up:

Click "Yes". Your certificate named usercert.pem will be downloaded to the .globus folder in your home directory. The main window should now show the details of your certificate:

Importing you certificate into a Browser

Exporting to a browser readable certificate

This will only work if you have the "Java Unlimited Strength Policy Files" (see above) installed.

Click "Export browser certificate". You will see this window:

Enter the passphrase you used when creating your certificate request earlier. If everything went ok, you should see this:

Now you've got a certificate usercert.p12 in your .globus directory which you can import into your browser.

Import into Firefox

Open Firefox, click Edit and Preferences in the menu. In the preferences dialog click Advanced and then the Security tab:

Then click the "View Certificates" button and select (if not already selected) the first tab "Your Certificates".

Click Import:

Select the .globus folder in your home directory (usually /home/'your username'/.globus under Linux or C:\Documents and Settings\'your username'\.globus under Windows) and select the newly created file usercert.p12.

• If you can't browse to the .globus directory under Linux because it is a hidden directory, press Ctrl-L. This will pop up a window where you can enter .globus. Then you should be in the .globus directory where you can select usercert.p12.

After clicking "Open" a Password Entry Dialog appears. Provide the same password you used when creating your certificate request. Click "OK".

A dialog stating that you successfully restored your security certificate(s) and private key(s) should appear. Click "OK".

If you don't see your certificate in the "Certificate Manager" window now, you will have to repeat the "Import" procedure. After the second time it is usually there. I don't know why that sometimes happens but my guess is a bug in Firefox.

Import into Internet Explorer

Open Explorer and go to the .globus folder in your home directory (something like: C:\Documents and Settings\'your username'\.globus).

Double-click the file usercert.p12. The following window should appear:

Click "Next".

Click "Next".

Enter the password you used when creating your certificate request.

Click "Next".

Click "Finish". Now your certificate is installed.

Troubleshooting

If you have any trouble installing/using Grix or you have suggestions/questions write an email to: markus@vpac.org or call: 03 9925 4862 (Markus)

TODO