
Summer School Certificates Diego Romano & Gilda Team


Presentation Transcript


  1. Summer School Certificates Diego Romano & Gilda Team

  2. Review of the basics
     • The Grid uses public key (asymmetric) encryption for authentication of users, resources and services.
     • According to the basics of public-key cryptography, each resource on the Grid has a key pair: a public key and a private key.
     • The public key is made public, while the private key must be kept secret.

  3. • Encryption and authorization are performed using the public key, while decryption and digital signature are performed with the private key.
     • It is important to notice that generating a key pair does not automatically give you access to the Grid resources.
     • A trusted authority of the Grid, called the Certificate Authority (CA), needs to sign your key pair, thereby confirming your identity. This signing procedure of the CA is often referred to as “issuing a certificate”.

  4. Files
     • The userkey.pem file (or resourcekey.pem) contains the private key encrypted with your password (called the pass phrase).
     • The certificate file (usercert.pem) contains your public key together with additional important information such as the subject name of the holder of the certificate, the name of the signing CA, and the digital signature of the CA.
     • The important role of the CA is to establish a trusted connection between the identity of the user and the public key in the certificate file.

  5. Files (2)
     • The digital signature of the CA in the user's certificate file officially declares that the public key in the file belongs to the specific user (subject name).

  6. Request
     • In order to obtain a valid passport to the Grid you need to create a key pair and submit your public key to the CA for a signature (this process is called a certificate request).
     • The CA will follow its certificate policy and, upon successful evaluation of your request, your public key will be signed and posted back to you.
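
Slides 2 to 6 as a runnable sketch (an added example, not part of the original slides): a user creates a pass-phrase-protected key and a certificate request, a toy CA signs it, and the resulting certificate is checked against that CA and against an unrelated one. The CA names, subject names, pass phrase and the `request.pem` file name are constructed for the demo; a real CA verifies the requester's identity before signing.

```bash
#!/bin/sh
# Added example: the CA, subject names and pass phrase are constructed for the demo.
set -eu
export KEY_PASS=demo-passphrase   # read by openssl via env:, so it stays out of argv

# User side: private key encrypted under the pass phrase, plus the certificate request.
make_request() {   # $1 = working directory
  openssl genrsa -aes256 -passout env:KEY_PASS -out "$1/userkey.pem" 2048 2>/dev/null
  chmod 400 "$1/userkey.pem"
  openssl req -new -key "$1/userkey.pem" -passin env:KEY_PASS \
    -subj "/O=Example Grid/CN=Demo User" -out "$1/request.pem"
}

# Toy self-signed CA standing in for a real Certificate Authority.
make_ca() {        # $1 = working directory, $2 = file prefix, $3 = CA common name
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/O=Example Grid/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# CA side: sign the subject name and public key taken from the request.
sign_request() {   # $1 = working directory, $2 = CA file prefix
  openssl x509 -req -in "$1/request.pem" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
    -set_serial 1 -days 7 -out "$1/usercert.pem" 2>/dev/null
}

# Succeeds only if the certificate's signature verifies against the given CA.
trusted_by() {     # $1 = CA certificate, $2 = certificate to check
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

cert_names() {     # prints subject and issuer of certificate $1
  openssl x509 -in "$1" -noout -subject -issuer -nameopt RFC2253
}

demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
make_ca "$demo" ca "Example Demo CA"
make_ca "$demo" other "Unrelated CA"
make_request "$demo"
sign_request "$demo" ca

cert_names "$demo/usercert.pem"
grep -q "PRIVATE KEY" "$demo/request.pem" || echo "request.pem carries no private key"
trusted_by "$demo/ca.pem" "$demo/usercert.pem" && echo "accepted by Example Demo CA"
trusted_by "$demo/other.pem" "$demo/usercert.pem" || echo "rejected by Unrelated CA"
```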

  7. Your certificate
     • It has already been provided and installed by us in the .globus directory.
     • It is from the GILDA testbed, but we configured the other practicals to use it as well.
     • Please check that yours is correctly installed.

  8. How to obtain a certificate
     • The user wants to get a certificate.
     • The user meets the RA (Registration Authority), which will verify the user’s identity.
     • The RA will provide the user with a key to be used in the registration form.
     • These steps are not needed to get a certificate from the GILDA CA.

  9. https://gilda.ct.infn.it/

  10. You will get an e-mail at the e-mail address given in the previous web form. Just click the link to get the certificate.

      From: GILDA-CA <gilda-ca@ct.infn.it>
      To: <email address given in the request form>
      Subject: GILDA Personal Certificate for <username>

      Dear User,

      you can download your GILDA Personal Certificate going, *with the same browser you used to submit the request*, to the URL:
      https://gilda.ct.infn.it/cgi-bin/gucert.pl?0A44

      Your certificate is valid for $CERTIFICATE_DAYS_VALUE days.

      After that you can go to:
      https://voms.ct.infn.it:8443/voms/gilda/webui/request/user/create
      and register to the GILDA VOMS (usually, registration takes a working day).

      Then, you can go to the GILDA Grid Demonstrator at the URL:
      https://grid-demo.ct.infn.it
      or, if you are participating in a tutorial or an induction course, to the GILDA Grid Tutor at the URL:
      https://grid-tutor.ct.infn.it (for LCG) or https://glite-tutor.ct.infn.it (for gLite)

      Remember that:
      1) whenever you are prompted for the Operating System, use the username and the password you have chosen when you requested the GILDA Personal Certificate as username and as password;
      2) whenever you are prompted for the GRID username and password and the passphrase of your GILDA Personal Certificate as password.

      Best Regards
      The GILDA CA Manager

      GILDA Certification Authority
      Tel: +39 095 378 5469
      Fax: +39 095 378 5231
      Via S. Sofia, 64
      I-95123 Catania ITALY
      http://gilda.ct.infn.it/CA/

  11. You will be informed that a new certificate is available in your browser certificate list.
      • Very important: you HAVE TO use the very same browser in all the previous steps.
      • It is now suggested that you export the certificate and store it in a safe place.
      • The certificate export procedure and the file extension are browser dependent (*.p12 for Mozilla/Netscape/Firefox and *.pfx for Internet Explorer).
      • Exported certificates need to be converted to PEM format (*.pem). This is the certificate format used by the gLite security services.
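
The conversion described on slide 11, together with the installation check asked for on slide 7, as an added example (not from the original slides). The export file is a constructed stand-in built inline; the passwords, the function names and the 700/644/400 permissions (the usual convention for a `.globus` directory) are assumptions.

```bash
#!/bin/sh
# Added example: the export file and both passwords are constructed for the demo.
set -eu
export P12_PASS=export-password KEY_PASS=demo-passphrase   # passed via env:, not argv

# Split a browser export (.p12/.pfx) into usercert.pem and userkey.pem.
p12_to_pem() {        # $1 = export file, $2 = target directory (e.g. ~/.globus)
  mkdir -p "$2"; chmod 700 "$2"
  openssl pkcs12 -in "$1" -passin env:P12_PASS -clcerts -nokeys -out "$2/usercert.pem"
  # umask keeps the key unreadable to others from the moment it is created;
  # -passout re-encrypts it under the pass phrase.
  ( umask 077
    openssl pkcs12 -in "$1" -passin env:P12_PASS -nocerts \
      -passout env:KEY_PASS -out "$2/userkey.pem" )
  chmod 644 "$2/usercert.pem"; chmod 400 "$2/userkey.pem"
}

# The private key belongs to the certificate only if both yield the same public key.
key_matches_cert() {  # $1 = directory holding the two PEM files
  cert_pub=$(openssl x509 -in "$1/usercert.pem" -noout -pubkey)
  key_pub=$(openssl pkey -in "$1/userkey.pem" -passin env:KEY_PASS -pubout)
  [ "$cert_pub" = "$key_pub" ]
}

key_mode() {          # prints the permission string of the private key, e.g. -r--------
  ls -l "$1/userkey.pem" | cut -c1-10
}

check_install() {     # $1 = directory; succeeds only if every check passes
  grep -q "ENCRYPTED" "$1/userkey.pem" &&            # key is stored encrypted
    [ "$(key_mode "$1")" = "-r--------" ] &&         # readable by the owner only
    openssl x509 -in "$1/usercert.pem" -noout -checkend 0 >/dev/null &&  # not expired
    key_matches_cert "$1"
}

work=$(mktemp -d); trap 'rm -rf "$work"' EXIT
# Constructed stand-in for the browser export: a self-signed certificate packed as PKCS#12.
openssl req -x509 -newkey rsa:2048 -nodes -days 7 -subj "/CN=Demo User" \
  -keyout "$work/k.pem" -out "$work/c.pem" 2>/dev/null
openssl pkcs12 -export -inkey "$work/k.pem" -in "$work/c.pem" \
  -passout env:P12_PASS -out "$work/export.p12"

p12_to_pem "$work/export.p12" "$work/.globus"
check_install "$work/.globus" && echo "usercert.pem and userkey.pem are consistent"
```

With OpenSSL 3.x, exports encrypted with older algorithms (RC2, 3DES) may additionally need the `-legacy` option on the `pkcs12` commands.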

  12. In the same e-mail we showed before you can see one more link. Just follow the link to be registered to the GILDA VO.

      Dear User,

      you can download your GILDA Personal Certificate going, *with the same browser you used to submit the request*, to the URL:
      https://gilda.ct.infn.it/cgi-bin/gucert.pl?0A44

      Your certificate is valid for 365 days.

      After that you can go to:
      https://voms.ct.infn.it:8443/voms/gilda/webui/request/user/create
      and register to the GILDA VO (usually, registration takes a working day).

      Then, you can go to the GILDA Grid Demonstrator at the URL:
      https://grid-demo.ct.infn.it
      or, if you are participating in a tutorial or an induction course, to the GILDA Grid Tutor at the URL:
      https://grid-tutor.ct.infn.it or https://grid-tutor1.ct.infn.it

      Remember that:
      1) whenever you are prompted for the Operating System, use the username and the password you have chosen when you requested the GILDA Personal Certificate as username and as password;
      2) whenever you are prompted for the GRID username and password and the passphrase of your GILDA Personal Certificate as password.

      Best Regards
      The GILDA CA Manager
      …

  13. This page will only be accessible if you have successfully imported the received certificate.

  14. Confirm your VO registration request by following the above link.

  15. Finally, you will get a confirmation e-mail. Now you are a member of the GILDA VO!!!
