Grid Certificates

From ALICE@LBNL
Revision as of 15:27, 8 March 2013 by RJPorter


Important Change Regarding Issuance of Grid Certificates for Members of US Institutions

As of March 23, 2013, the DOEGrids Certificate Authority (CA) will no longer issue new or reissue old certificates. The process has now been taken over by the Open Science Grid, which operates under the new DigiCert Grid CA. All people who are registered with the ALICE VO and access the grid using a DOEGrids certificate will need to obtain a new certificate via the OSG web interface (see below) and then re-register with the ALICE VO [1] using that new certificate.

People can determine the CA issuer of their current certificate using the openssl command and their usercert.pem file:

  • openssl x509 -in .globus/usercert.pem -noout -issuer

The output will look like one of the following, depending on whether the issuer is DOEGrids, OSG DigiCert or CERN:

  • issuer= /DC=org/DC=DOEGrids/OU=Certificate Authorities/CN=DOEGrids CA 1
  • issuer= /DC=com/DC=DigiCert-Grid/O=DigiCert Grid/CN=DigiCert Grid CA-1
  • issuer= /DC=ch/DC=cern/CN=CERN Trusted Certification Authority

Users with a certificate from the DOEGrids CA are encouraged to obtain a new certificate from the OSG DigiCert Grid CA as described below.
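The issuer check above can be scripted. The following is an added example, not part of the original page or any ALICE/OSG tooling: it classifies the issuer line, accepts both the slash-separated form shown above and the comma-separated form that newer OpenSSL releases print, and warns when the certificate is close to expiry. The function names, the default path `$HOME/.globus/usercert.pem` and the 30-day warning window are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original page). Function names, default path
# and the 30-day window are assumptions of this example.
# Usage: sh check_cert.sh ~/.globus/usercert.pem

# Map an "issuer=" line to a CA label. Matching on name components makes it
# work for "/DC=org/DC=DOEGrids/..." and for "DC = org, DC = DOEGrids, ...".
classify_issuer() {
    case "$1" in
        *DOEGrids*)                               echo "DOEGrids" ;;
        *DigiCert-Grid*|*"DigiCert Grid"*)        echo "DigiCert" ;;
        *"CERN Trusted Certification Authority"*) echo "CERN" ;;
        *)                                        echo "unknown" ;;
    esac
}

# Action the page implies for each CA label.
action_for() {
    case "$1" in
        DOEGrids)      echo "replace: obtain an OSG DigiCert Grid CA certificate and re-register with the ALICE VO" ;;
        DigiCert|CERN) echo "ok" ;;
        *)             echo "check: issuer is not one of the CAs listed on this page" ;;
    esac
}

# Report issuer, required action and upcoming expiry for one certificate file.
cert_report() {
    cert=${1:-$HOME/.globus/usercert.pem}
    issuer=$(openssl x509 -in "$cert" -noout -issuer) || return 2
    ca=$(classify_issuer "$issuer")
    echo "$issuer"
    echo "CA: $ca -> $(action_for "$ca")"
    # -checkend N exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend $((30 * 24 * 3600)) >/dev/null; then
        echo "warning: certificate has expired or expires within 30 days"
    fi
}

# Run only when a certificate path is given on the command line.
if [ "$#" -gt 0 ]; then
    cert_report "$1"
fi
```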

(update in progress - 3/8/2013)

Introduction

In order to work within the ALICE Grid infrastructure, [2] AliEn, users must:

  • possess a grid certificate from an accepted Certificate Authority
    • For persons from US institutions, this was previously the DOEGrids CA but has now transitioned to the [3] OSG/DigiCertGrid CA
    • Any ALICE member (including US participants) may use the [4] CERN CA
  • be registered with the ALICE Virtual Organization - follow steps shown on [5] AliEn website


Obtaining a Grid Certificate

A grid certificate is typically obtained through and installed in your internet browser. One caveat is that there have been recurring problems with managing grid certificates and VO registration with Safari. Firefox or IE are recommended. Chrome now reportedly works as well. Once a certificate is obtained, one will need to export it as a protected file or files for normal grid use. A personal grid certificate is valid for one year and can be automatically renewed while it is still valid.

To obtain a new DOEGrid

To obtain a DOEGrids certificate, go to http://www.doegrids.org/ and select the 'How to Request Certificates' link on the left side of the page. Select 'How to request a personal certificate'