| Certification Authority at Karlsruhe Institute of Technology (GermanGrid) |
|---|
| Member of
EUGridPMA
|
| The German Grid Certification Authority GridKa-CA at Karlsruhe Institute of Technology (KIT) is a member of the EUGridPMA.
The EUGridPMA is the international organisation
to coordinate the trust fabric for e-Science grid authentication in Europe.
It collaborates with the regional peers
APGridPMA for the Asia-Pacific and the
Americas Grid PMA
in the International Grid Trust Federation. GridKa-CA provides certificates according to the X.509 standard for users, hosts and applications, limited to Germany. |
| ROOT CA certificate for GermanGrid |
|---|
| Validity Not Before: Jun 11 13:45:54 2003 GMT Not After: Jun 10 13:45:54 2014 GMT |
| The Root Certificate with Hash-Value 'dd4b34ea' respectively '7ecb2657' (Openssl version 1.0 onwards creates another Hash-Value, but points to the exactly same certificate) can be downloaded here: dd4b34ea.0 resp. 7ecb2657.0 |
| Please delete the old GriKa-CA Root certifcate in your browser before the new import. |
| Fingerprint of the ROOT CA certificate |
|---|
| SHA1 Fingerprint=AF:A0:D1:16:FB:E6:E9:44:9B:22:01:8A:6E:0D:AC:23:A7:DC:CD:A7 |
| MD5 Fingerprint=74:7A:9E:7B:6B:03:5A:FA:FC:BF:70:FB:DD:E9:95:0B |
| Certification Revocation List (CRL) |
|---|
| The Certificate Revocation List in PEM-format:
gridka-crl.pem The Certificate Revocation List in DER-format: gridka-crl.der For browser import: gridka-crl.crl |
| Certificate Policies (CP) and Certificate Practice Statement (CPS) |
|---|
| In Certificate Policy and Certification Practice statement the proceeding and boundary conditions are described, when, as and for whom a certificate is issued by the GermanGrid CA at the Research Centre Karlsruhe. |
| Here is the current CP/CPS: Version 1.7 valid since 25th October 2011 |
| Older versions Version 1.6 Version 1.5 Version 1.4 Version 1.3 Version 1.2 Version 1.1 Version 1.0 Version 0.2 Version 0.1. |
| Who can get a certificate? |
|---|
| User, host and application certificates are provided for members of KIT and participants of the following projects, experiments and organizations: |
| High Energy Physics Experiments: | Alice Atlas BaBar CDF CMS COMPASS D0 LHCb |
| International/National projects: | LHC Computing Grid Project EGEE D-GRID NorduGrid |
| Organizations: | List of organizations |
| How to request a certificate? |
|---|
| 1.) through the Webinterface of GridKa-CA |
| The website can be used by all registered organizations. Please fill in the form Gridka-CA Formular after you have requested your first personal certificate. You have to give it personally to your Registration Authority (RA). Please bring also your original identity document so that the RA can compare the dates and verify your identity. |
| 2.) on a server where openssl is installed: |
| - Perl Script for easily create request file (Thanks a lot Harry Enke) |
| Download Perl Script |
| Syntax: |
perl openssl_generate_user_req.pl -u "<FirstName> <LastName>" -i "<OU>" -r "<RA_Email>" |
| <FirstName> <LastName>: your first and last name, seperated with "blank". |
| <OU>: your OrganisationalUnit), have a look at this List |
| <RA_Email>: Mailaddress of responsible person, have a look at this List |
| or |
| - Request File with openssl commands |
| description |
| 3.) on a server where globus/gLite is installed: |
| You can find a detailed description here. |
| What to do with the certificate request file? |
|---|
| If you are using the web interface the request is automatically send to the GridKa-CA.
Your RA will proof your identity as described in 1.) if it is your first request.
Then the electronic request will be checked and approved (or rejected if something is wrong).
Afterwards the certificate will be issued by the GridKa-CA and placed on the interface at your disposal for
download. You will be informed about each step by email. The download of the certificate is password protected.
You will get the password together with the download link by email. Important: Please use the same web browser with the same version on the same host for requesting as well as downloading the certificate. |
| If you are using openssl or grid-cert-request you can upload the request file as PEM format at the Webinterface of GridKa-CA, or you send the signed certificate request file by email to GridKa-CA. |
| Configuration files for Grid Security Infrastructure |
|---|
| download GridKa GSI RPM |
| includes following files: |
| /etc/grid-security/certificates/dd4b34ea.0 /etc/grid-security/certificates/dd4b34ea.crl_url /etc/grid-security/certificates/dd4b34ea.info /etc/grid-security/certificates/dd4b34ea.namespaces /etc/grid-security/certificates/dd4b34ea.signing_policy /etc/grid-security/globus-host-ssl.conf /etc/grid-security/globus-user-ssl.conf /etc/grid-security/grid-security.conf |
| Usage of Openssl |
| How to use openssl (german language only) |
| openssl-gridka.cnf |
| If you have problems with our CA please contact GridKa-CA. |