Certification Authority at Karlsruhe Institute of Technology (GermanGrid)
Member of EUGridPMA

The German Grid Certification Authority GridKa-CA at Karlsruhe Institute of Technology (KIT) is a member of the EUGridPMA. The EUGridPMA is the international organisation to coordinate the trust fabric for e-Science grid authentication in Europe. It collaborates with the regional peers APGridPMA for the Asia-Pacific and the Americas Grid PMA in the International Grid Trust Federation.
GridKa-CA provides certificates according to the X.509 standard for users, hosts and applications, limited to Germany.

 

ROOT CA certificate for GermanGrid
New Root-CA cerificate:

Not Before: Jun 11 13:45:54 2003 GMT
Not After:   Jun 10 13:45:54 2023 GMT

The Root Certificate with Hash-Value 'dd4b34ea' respectively '7ecb2657' can be downloaded here:
dd4b34ea.0 resp. 7ecb2657.0
(Openssl version 1.0 onwards creates another Hash-Value, but points to the exactly same certificate)

Import GermanGrid ROOT CA into your Browser

Please delete the old GriKa-CA Root certifcate and any associated server certificate in your browser, close and open the browser again, before the new import.
Old Root-CA cerificate:

Not Before: Jun 11 13:45:54 2003 GMT
Not After:   Jun 10 13:45:54 2014 GMT

The Root Certificate with Hash-Value 'dd4b34ea' respectively '7ecb2657' can be downloaded here:
dd4b34ea.0.old resp. 7ecb2657.0.old
(Openssl version 1.0 onwards creates another Hash-Value, but points to the exactly same certificate)


Fingerprints of the ROOT CA certificates
New certificate:
SHA1 fingerprint=82:A7:F9:7C:39:CD:21:18:9E:0E:39:27:51:D6:05:AC:A7:F6:BD:BD
SHA-256 fingerprint=6B:7F:0E:7F:61:DC:84:19:B1:96:94:C1:23:59:7C:41:FB:F7:2D:FE:B5:19:0D:16:09:F3:78:7D:BA:DC:85:D4
Old certificate:
SHA1 fingerprint=AF:A0:D1:16:FB:E6:E9:44:9B:22:01:8A:6E:0D:AC:23:A7:DC:CD:A7

 

Certification Revocation List (CRL)
The Certificate Revocation List in PEM-format:    gridka-crl.pem
The Certificate Revocation List in DER-format:   gridka-crl.der
For browser import:   gridka-crl.crl

 

Certificate Policies (CP) and Certificate Practice Statement (CPS)
In Certificate Policy and Certification Practice statement the proceeding and boundary conditions are described, when, as and for whom a certificate is issued by the GermanGrid CA at the Research Centre Karlsruhe.
Here is the current CP/CPS: Version 1.9 valid since 28th August 2013
 
Older versions Version 1.8   Version 1.7   Version 1.6   Version 1.5   Version 1.4   Version 1.3   Version 1.2   Version 1.1   Version 1.0   Version 0.2   Version 0.1.

 

Who can get a certificate?
User, host and application certificates are provided for members of KIT and participants of the following projects, experiments and organizations:
High Energy Physics Experiments:Alice Atlas BaBar CDF CMS COMPASS D0 LHCb S-Belle
International/National projects:LHC Computing Grid Project EGI/NGI-DE bwGRiD NorduGrid Auger
Organizations:List of organizations

 

How to request a certificate?
 
1.) through the Webinterface of GridKa-CA
The website can be used by all registered organizations. Please fill in the form Gridka-CA Formular after you have requested your first personal certificate. You have to give it personally to your Registration Authority (RA). Please bring also your original identity document so that the RA can compare the dates and verify your identity.
 
2.) on a server where openssl is installed:
   - Request File with openssl commands
   description
 
3.) on a server where globus/gLite is installed:
You can find a detailed description here.

 

What to do with the certificate request file?
If you are using the web interface the request is automatically send to the GridKa-CA. Your RA will proof your identity as described in 1.) if it is your first request. Then the electronic request will be checked and approved (or rejected if something is wrong). Afterwards the certificate will be issued by the GridKa-CA and placed on the interface at your disposal for download. You will be informed about each step by email. The download of the certificate is password protected. You will get the password together with the download link by email.

Important: Please use the same web browser with the same version on the same host for requesting as well as downloading the certificate.
If you are using openssl or grid-cert-request you can upload the request file as PEM format at the Webinterface of GridKa-CA, or you send the signed certificate request file by email to GridKa-CA.

 

GridKa-CA files for Grid Security Infrastructure
download GridKa GSI TAR
includes following files:
  ca_GermanGrid-1.54/
  ca_GermanGrid-1.54/GermanGrid.crl_url
  ca_GermanGrid-1.54/GermanGrid.signing_policy
  ca_GermanGrid-1.54/dd4b34ea.signing_policy
  ca_GermanGrid-1.54/7ecb2657.signing_policy
  ca_GermanGrid-1.54/GermanGrid.namespaces
  ca_GermanGrid-1.54/7ecb2657.0
  ca_GermanGrid-1.54/GermanGrid.pem
  ca_GermanGrid-1.54/dd4b34ea.0
  ca_GermanGrid-1.54/GermanGrid.info
  ca_GermanGrid-1.54/dd4b34ea.namespaces
  ca_GermanGrid-1.54/7ecb2657.namespaces
 
Usage of Openssl
How to use openssl (german language only)
openssl-gridka.cnf

 


 If you have problems with our CA please contact us via email GridKa-CA.
 Or send post to the following address:
 Karlsruhe Institute of Technology (KIT)
 Steinbuch Centre for Computing (SCC)
 Zertifizierung
 Hermann-von-Helmholtz-Platz 1
 76344 Eggenstein-Leopoldshafen