AustrianGrid Certification Authority

Types of certificates

Certificates will be issued for: persons, hosts (electronic systems) and services (applications running on a defined host).

The following steps are prerequisites for certificate requests:

  1. The institution (e.g. company, subunit of a company or academic institution) has nominated in writing one or (preferably) two contact persons and requested a certificate for them - templates for such a letter can be downloaded in PDF, Microsoft Winword or OpenOffice.org format.
  2. The contact persons have requested a personal certificate (see below, point 3 doesn't apply).
  3. The institution accepts to sponsor the requestor and/or takes the responsibility for the host or service.

Requesting a certificate

Users requesting a certificate from the AustrianGrid CA will have to:

  1. on the AustrianGrid CA web site create the script necessary to generate the private key and certification request
  2. send the request to the Registration Authority (RA) which has already registered your institution
  3. have one of the contact person submit a consent to your request via signed e-mail
  4. arrange a face-to-face meeting with an agent of the RA at which they must present an official identification document bearing their photograph; the pages with the picture, their name and birth date will be copied and stored in the certification database, protected as private data at least as strongly as required by to the Austrian privacy law (Datenschutzgesetz)
  5. test the returned certificate against his/her private key (e.g. by en- and decrypting a short text, or by running the command get-proxy-init of the Globus Tool Kit)
  6. confirm acceptance of the certificate in a signed e-mail to the CA and RA.

For hosts or services one of the contact persons at the institution responsible for the operation of the host will have to generate the corresponding request and submit it to the appropriate RA in a signed e-mail.

Please note that in order to generate a certification request for a correct Distinguished Name we require that the generation of the private key and the certification request be only made using the script generated by the on-line form to be filled in at the CA web site. Scripts like the Globus grid-cert-request may not be used!.

Page last updated: 2008-09-30 10:26