guide:Certificates/server/GridKA
Contents |
Information
The German Grid Certification Authority GridKa-CA at Forschungszentrum Karlsruhe is a member of the EuGridPMA. The EUGridPMA is the international organization to coordinate the trust fabric for e-Science grid authentication in Europe. It collaborates with the regional peers APGridPMA for the Asia-Pacific and the Americas Grid PMA in the International Grid Trust Federation.
The GridKa-CA provides certificates according to the X.509 standard for users, hosts and applications, limited to Germany.
ROOT CA certificate for the GridKa-CA
Validity
- Not Before: Jun 11 13:45:54 2003 GMT
- Not After : Jun 10 13:45:54 2014 GMT
The new Root Certificate of GridKa-CA with the hash value dd4b34ea can be downloaded here: dd4b34ea.0.
Alternatively you can import the certificate into your browser: Import new GermanGrid Root CA into your Browser.
 Please delete the old GridKa-CA Root certificate in your browser before the new import. |
Fingerprint of the ROOT CA Certificates
- SHA1 Fingerprint=AF:A0:D1:16:FB:E6:E9:44:9B:22:01:8A:6E:0D:AC:23:A7:DC:CD:A7
- MD5 Fingerprint=74:7A:9E:7B:6B:03:5A:FA:FC:BF:70:FB:DD:E9:95:0B
Certification Revocation Lists (CRL)
- The revocation list in PEM format: gridka-crl.pem
- The revocation list in DER format: gridka-crl.der
- For the import to the browser: gridka-crl.crl
Certificate Policy (CP) und Certification Practice Statement (CPS)
- In Certificate Policy and Certification Practice statement the proceeding and boundary conditions are described, when, as and for whom a certificate is issued by the GermanGrid CA at the Research Center Karlsruhe.
- Here is the current CP/CPS: Version 1.4 valid since July 2007.
- Old versions: Version 1.3, Version 1.2, Version 1.1 , Version 1.0 , Version 0.2, Version 0.1
Who receives a certificate?
User, host and application certificates are provided for members of Research center Karlsruhe and participants of the following projects, experiments and organizations:
- High-energy physics experiments: Alice, Atlas, BaBar, CDF, CMS, COMPASS, D0, LHCb
- International/National Projects: EGEE, D-GRID, NorduGrid
- Organizations: List of Organizations
How to request a certificate?
There are 3 possibilities:
- By using the the web interface of GridKa-CA
- on a computer where openssl is installed:
- Use this Perl script to easily create a user certificate request file
# Syntax: perl openssl_generate_user_req.pl -u "<First Name> <Last Name>" -i "<OU>" -r "<RA_Email>" # Where: # <First name> <Last name>: Your first name and last name, separated with "blank". # <Organization shortcuts>: Your Organizational Unit (OU) # <RA_Email>: Mail address of responsible person
- For <Organization shortcuts> and <RA_Email> have a look at this list
- Create a request file with openssl commands. See explanation here
- Openssl configuration file openssl-gridka.cnf
- Send the request per E-Mail to the responsible person in your Registration Authority, have a look at this list
- On a computer where Globus is installed. See explanation here
What to do after the request?
To guarantee the relationship between a person and certificate an identification procedure was defined which is also described in our CA Policy. This means that certificates may be issued only after approval from the responsible person for the appropriate institution. Please send a copy of your identity card to the following address with handwritten signature of the responsible person:
Forschungszentrum Karlsruhe, SCC Zertifizierung
Hermann-von-Helmholtz-Platz 1
76344 Eggenstein-Leopoldshafen
- See Also
