r9 - 09 Nov 2008 - 22:43:28 - SamMorrisonYou are here: ARCS Wiki > 
Main Web > EndUserInstructions > GridCertificates
Main Web > EndUserInstructions > GridCertificatesARCS Certificate Authority.
Overview
The ARCS CA provides certificates that allow trusted authentication. For an overview of this see http://en.wikipedia.org/wiki/Public_key_infrastructure ARCS issues three types of certificates:- User - this is specific to a particular person and uniquely identifies them.
- RAO - has all the functionality of a User certificate but also allows the owner to approve certificate requests. (Registration Authority Operator)
- Host - these are for identifying specific machines (for example webservers).
Users
To obtain a User certificate, we recommend you use the Grix tool: http://www.arcs.org.au/GridGrix. For BeSTGRID? users please see http://www.bestgrid.org/index.php/Grid_Tools for the NZ version of Grix Your request will need to be approved by an RAO, who will check your photo ID and approve your certificate request. Find you local RAO from this List of Registration Authority Operators. You should receive email notification when your certificate is about to expire. A new request will need to be submitted using Grix, and you will need to visit an RAO again to have the request approved.RA Operators
List of Registration Authority Operators RAO Guide: How to issue certificatesProcedure and documentation for RAOs who are dealing with certificate requests. If you would like to become an RA Operator please email help@arcs.org.au
Renewing your RA Operator certificate
Yes you can approve your own RA Operator certificate renewal. When you renew your certificate you need to make sure that the Role is set to RA Operator. If you used GRIX the role will be set to User. You must have the Role set in the certificate signing request before you approve it (when it is in the "new" state) To change this you will need to edit your request in the web interface. Once you have edited your request, setting the role to RAOperator you can then proceed to approve the request.Host Certificates
How to request a Host certificateMiscellaneous
- Policies And Procedures - aka the CPS
The policies and procedures guide to getting and using certificates
- List Certificates
List of all currently valid certificates issued by the APACGrid CA.
- Search for a Certificate
Search for a certificate issued by APACGrid CA.
- Get the CA Certificate
Get the actual CA Certificate for the ARCS GridAus project.
- Get the CRL .
Get the certificate revocation list in one of three formats. Or use these links to obtain it directly : http://ca.apac.edu.au/pub/crl/cacrl.crl or http://ca.apac.edu.au/pub/crl/cacrl.pem or http://ca.apac.edu.au/pub/crl/cacrl.txt
- CA Signing Policy File
This file is distributed with the ARCS APAC Grid Certificate Authority bundle as provided in a number of distributions but you can also get just the file from here.
- Complete Certificate Handling Guide
The Complete process, for those who may run the CA in future
- Draft of the next CPS
Version 1.5 will be the new version of the CPS some stage in the future.
| References |
|---|
| The ARCS Grid CA Front End GUI |
| The Asia Pacific PMA, APGrid PMA, is the body that the APAC Grid Policy Management Authority is a member of. |
| The International Grid Trust Federation, IGTF is an association of the three world wide Grid PMAs. Its current distibution, including the APACGrid bundle is here. |
| CP/CPSs are based on profiles stored at EurogridPMA. |
| RFC - http://rfc.net/rfc3647.html http://rfc.net/rfc3280.html http://rfc.net/rfc2459.html http://rfc.net/rfc2527.html (CPS Format) |
- Protect this page:
- Set ALLOWTOPICCHANGE = DavidBannon, SamMorrison, AndyBotting, DanielCox
 |
|
Copyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding ARCS Wiki? Send feedback