Certification Authority at Forschungszentrum Karlsruhe (GermanGrid)
Member of EUGridPMA

The German Grid Certification Authority GridKa-CA at Forschungszentrum Karlsruhe is a member of the EUGridPMA. The EUGridPMA is the international organisation to coordinate the trust fabric for e-Science grid authentication in Europe. It collaborates with the regional peers APGridPMA for the Asia-Pacific and the Americas Grid PMA in the International Grid Trust Federation.
GridKa-CA provides certificates according to the X.509 standard for users, hosts and applications, limited to Germany.

 

ROOT CA certificate for GermanGrid
Validity
Not Before: Jun 11 13:45:54 2003 GMT
Not After : Jun 10 13:45:54 2014 GMT
The NEW Root Certificate for dd4b34ea can be downloaded here: new-dd4b34ea.0
Import GermanGrid ROOT CA into your Browser
Please delete the old GriKa-CA Root certifcate in your browser before the new import.

Fingerprint of the ROOT CA certificate
SHA1 Fingerprint=AF:A0:D1:16:FB:E6:E9:44:9B:22:01:8A:6E:0D:AC:23:A7:DC:CD:A7
MD5 Fingerprint=74:7A:9E:7B:6B:03:5A:FA:FC:BF:70:FB:DD:E9:95:0B

 

Certification Revocation List (CRL)
The Certificate Revocation List in PEM-format:    gridka-crl.pem
The Certificate Revocation List in DER-format:   gridka-crl.der
For browser import:   gridka-crl.crl

 

Certificate Policies (CP) and Certificate Practice Statement (CPS)
In Certificate Policy and Certification Practice statement the proceeding and boundary conditions are described, when, as and for whom a certificate is issued by the GermanGrid CA at the Research Centre Karlsruhe.
Here is the current CP/CPS: Version 1.5 valid since Juni 2008
 
Older versions Version 1.4   Version 1.3   Version 1.2   Version 1.1   Version 1.0   Version 0.2   Version 0.1.

 

Who can get a certificate?
User, host and application certificates are provided for members of Forschungszentrum Karlsruhe and participants of the following projects, experiments and organizations:
High Energy Physics Experiments:Alice Atlas BaBar CDF CMS COMPASS D0 LHCb
International/National projects:LHC Computing Grid Project EGEE D-GRID NorduGrid
Organizations:List of organizations

 

How to request a certificate?
 
1.) through the Webinterface of GridKa-CA
The website can be used by all registered organizations. Please contact afterwards your RA administrator.
 
2.) on a server where openssl is installed:
   - Perl Script for easily create request file (Thanks a lot Harry Enke)
   Download Perl Script
   Syntax:
perl openssl_generate_user_req.pl -u "<FirstName> <LastName>" -i "<OU>" -r "<RA_Email>"
   <FirstName> <LastName>: your first and last name, seperated with "blank".
   <OU>: your OrganisationalUnit), have a look at this List
   <RA_Email>: Mailaddress of responsible person, have a look at this List
 
   or
 
   - Request File with openssl commands
   description
 
3.) on a server where globus/gLite is installed:
You can find a detailed description here.

 

What to do with the certificate request file?
If you are using the web interface and the copy of your passport was handed to the RA administrator, then the RA administrator proofs and approves your request. Afterwards it will be signed by the GridKa-CA and placed on the interface at your disposal for download. You will be informed abaout each step by email. In addition the download is password protected. You will get the password also by email.
Important: Please use the same web browser with the same version on the same host for requesting as well as downloading the certificate.
If you are using openssl or grid-cert-request you can upload the request file as PEM format at the Webinterface of GridKa-CA, or you send the signed certificate request file by email to GridKa-CA.
Requestors, whose organizations are not participating in the online approval process must still identify themselves toward the GridKa-CA. To guarantee the relationship between a person and certificate an identification procedure was defined which is also described in our CA Policy. This means that certificates may be issued only after approval from the responsible person for the appropriate institution. Please send a copy of your identity card to the following address with handwritten signature of the responsible person:
Forschungszentrum Karlsruhe
IWR
Zertifizierung
Hermann-von-Helmholtz-Platz 1
76344 Eggenstein-Leopoldshafen

 

Configuration files for Grid Security Infrastructure
download GridKa GSI RPM
includes following files:
  /etc/grid-security/certificates/dd4b34ea.0
  /etc/grid-security/certificates/dd4b34ea.crl_url
  /etc/grid-security/certificates/dd4b34ea.info
  /etc/grid-security/certificates/dd4b34ea.namespaces
  /etc/grid-security/certificates/dd4b34ea.signing_policy
  /etc/grid-security/globus-host-ssl.conf
  /etc/grid-security/globus-user-ssl.conf
  /etc/grid-security/grid-security.conf
 
Usage of Openssl
How to use openssl (german language only)
openssl-gridka.cnf

 


 If you have problems with our CA please contact GridKa-CA.