| Certification Authority at Forschungszentrum Karlsruhe (GermanGrid) |
|---|
| Member of
EUGridPMA
|
| The German Grid Certification Authority GridKa-CA at Forschungszentrum
Karlsruhe is a member of the EUGridPMA.
The EUGridPMA is the international organisation
to coordinate the trust fabric for e-Science grid authentication in Europe.
It collaborates with the regional peers
APGridPMA for the Asia-Pacific and the
Americas Grid PMA
in the International Grid Trust Federation. GridKa-CA provides certificates according to the X.509 standard for users, hosts and applications, limited to Germany. |
| ROOT CA certificate for GermanGrid |
|---|
| Validity Not Before: Jun 11 13:45:54 2003 GMT Not After : Jun 10 13:45:54 2014 GMT |
| The NEW Root Certificate for dd4b34ea can be downloaded here: new-dd4b34ea.0 |
| Import GermanGrid ROOT CA into your Browser |
| Please delete the old GriKa-CA Root certifcate in your browser before the new import. |
| Fingerprint of the ROOT CA certificate |
|---|
| SHA1 Fingerprint=AF:A0:D1:16:FB:E6:E9:44:9B:22:01:8A:6E:0D:AC:23:A7:DC:CD:A7 |
| MD5 Fingerprint=74:7A:9E:7B:6B:03:5A:FA:FC:BF:70:FB:DD:E9:95:0B |
| Certification Revocation List (CRL) |
|---|
| The Certificate Revocation List in PEM-format:
gridka-crl.pem The Certificate Revocation List in DER-format: gridka-crl.der For browser import: gridka-crl.crl |
| Certificate Policies (CP) and Certificate Practice Statement (CPS) |
|---|
| In Certificate Policy and Certification Practice statement the proceeding and boundary conditions are described, when, as and for whom a certificate is issued by the GermanGrid CA at the Research Centre Karlsruhe. |
| Here is the current CP/CPS: Version 1.5 valid since Juni 2008 |
| Older versions Version 1.4 Version 1.3 Version 1.2 Version 1.1 Version 1.0 Version 0.2 Version 0.1. |
| Who can get a certificate? |
|---|
| User, host and application certificates are provided for members of Forschungszentrum Karlsruhe and participants of the following projects, experiments and organizations: |
| High Energy Physics Experiments: | Alice Atlas BaBar CDF CMS COMPASS D0 LHCb |
| International/National projects: | LHC Computing Grid Project EGEE D-GRID NorduGrid |
| Organizations: | List of organizations |
| How to request a certificate? |
|---|
| 1.) through the Webinterface of GridKa-CA |
| The website can be used by all registered organizations. Please contact afterwards your RA administrator. |
| 2.) on a server where openssl is installed: |
| - Perl Script for easily create request file (Thanks a lot Harry Enke) |
| Download Perl Script |
| Syntax: |
perl openssl_generate_user_req.pl -u "<FirstName> <LastName>" -i "<OU>" -r "<RA_Email>" |
| <FirstName> <LastName>: your first and last name, seperated with "blank". |
| <OU>: your OrganisationalUnit), have a look at this List |
| <RA_Email>: Mailaddress of responsible person, have a look at this List |
| or |
| - Request File with openssl commands |
| description |
| 3.) on a server where globus/gLite is installed: |
| You can find a detailed description here. |
| What to do with the certificate request file? |
|---|
| If you are using the web interface and the copy of your passport was handed to the RA administrator, then the RA administrator
proofs and approves your request. Afterwards it will be signed by the GridKa-CA and placed on the interface at your disposal for
download. You will be informed abaout each step by email. In addition the download is password protected. You will get the password
also by email. Important: Please use the same web browser with the same version on the same host for requesting as well as downloading the certificate. |
| If you are using openssl or grid-cert-request you can upload the request file as PEM format at the Webinterface of GridKa-CA, or you send the signed certificate request file by email to GridKa-CA. |
| Requestors, whose organizations are not participating in the online approval process must still identify themselves toward the GridKa-CA. To guarantee the relationship between a person and certificate an identification procedure was defined which is also described in our CA Policy. This means that certificates may be issued only after approval from the responsible person for the appropriate institution. Please send a copy of your identity card to the following address with handwritten signature of the responsible person: |
| Forschungszentrum Karlsruhe |
| IWR |
| Zertifizierung |
| Hermann-von-Helmholtz-Platz 1 |
| 76344 Eggenstein-Leopoldshafen |
| Configuration files for Grid Security Infrastructure |
|---|
| download GridKa GSI RPM |
| includes following files: |
| /etc/grid-security/certificates/dd4b34ea.0 /etc/grid-security/certificates/dd4b34ea.crl_url /etc/grid-security/certificates/dd4b34ea.info /etc/grid-security/certificates/dd4b34ea.namespaces /etc/grid-security/certificates/dd4b34ea.signing_policy /etc/grid-security/globus-host-ssl.conf /etc/grid-security/globus-user-ssl.conf /etc/grid-security/grid-security.conf |
| Usage of Openssl |
| How to use openssl (german language only) |
| openssl-gridka.cnf |
| If you have problems with our CA please contact GridKa-CA. |