TWiki> Main Web>EndUserInstructions>GridCertificates (09 Mar 2010, SamMorrison)EditAttach

ARCS Certification Authority.

Overview

The ARCS CA provides certificates that allow trusted authentication. For an overview of this see http://en.wikipedia.org/wiki/Public_key_infrastructure

ARCS issues three types of certificates:

  1. User - this is specific to a particular person and uniquely identifies them.
  2. RAO - has all the functionality of a User certificate but also allows the owner to approve certificate requests. (Registration Authority Operator)
  3. Host - these are for identifying specific machines (for example webservers).

If you wish to use ARCS grid services you just need a user certificate.

If you work at a site where there is no approving RAO and there is likely to be a demand for one, you can apply to become an RAO and approve requests for your organization.

If you are setting up a secure web server you can apply for a host certificate.

Users

To obtain a User certificate, we recommend you use the Grix tool: http://www.arcs.org.au/products-services/authorisation-services/grix

For BeSTGRID users please see http://www.bestgrid.org/index.php/Grid_Tools for the NZ version of Grix

Your request will need to be approved by an RAO, who will check your photo ID and approve your certificate request. Find you local RAO from this List of Registration Authority Operators.

You should receive email notification when your certificate is about to expire. A new request will need to be submitted using Grix, and you will need to visit an RAO again to have the request approved.

RA Operators

List of Registration Authority Operators

RAO Guide: How to issue certificates
Procedure and documentation for RAOs who are dealing with certificate requests.

If you would like to become an RA Operator please email help@arcs.org.au

Renewing your RA Operator certificate

Yes you can approve your own RA Operator certificate renewal.

When you renew your certificate you need to make sure that the Role is set to RA Operator.

If you used GRIX the role will be set to User.

You must have the Role set in the certificate signing request before you approve it (when it is in the "new" state)

To change this you will need to edit your request in the web interface. Once you have edited your request, setting the role to RAOperator you can then proceed to approve the request.

Host Certificates

How to request a Host certificate

Policies

Miscellaneous

  • List Certificates
    List of all currently valid certificates issued by the APACGrid CA.

  • CA Signing Policy File
    This file is distributed with the ARCS APAC Grid Certificate Authority bundle as provided in a number of distributions but you can also get just the file from here.

References
RFC - http://rfc.net/rfc3647.html http://rfc.net/rfc3280.html http://rfc.net/rfc2459.html http://rfc.net/rfc2527.html (CPS Format)
The ARCS Grid CA Front End GUI
The Asia Pacific PMA, APGrid PMA, is the body that the APAC Grid Policy Management Authority is a member of.
The International Grid Trust Federation, IGTF is an association of the three world wide Grid PMAs. Its current distribution, including the APACGrid bundle is here.
CP/CPSs are based on profiles stored at EurogridPMA.

-- SamMorrison - 09 Mar 2010

Edit | Attach | Print version | History: r12 < r11 < r10 < r9 < r8 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r12 - 09 Mar 2010 - 19:41:26 - SamMorrison
 
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback