Difference between revisions of "Getting a Grid Certificate"

From GlueXWiki
Jump to: navigation, search
Line 5: Line 5:
 
* Navigate to [http://digicert-grid.com/ the DigiCert CA web site] and install the trusted root certificates for the DigiCert CA.  You can do this in your browser by clicking on the link after "CA Certificate".  You want both the [http://digicert-grid.com/DigiCertGridRootCA.cer DigiCert Grid Root CA] and [http://digicert-grid.com/DigiCertGridCA-1.cer DigiCert Grid CA-1].  Either the "pem" (unix style) or the "der" (windows style) links should be recognized by your browser, but you only need one of them, not both. When prompted, click "Install".  You don't need anything except the CA Certificates for the DigiCert-Grid Grid-Only Trust CAs.
 
* Navigate to [http://digicert-grid.com/ the DigiCert CA web site] and install the trusted root certificates for the DigiCert CA.  You can do this in your browser by clicking on the link after "CA Certificate".  You want both the [http://digicert-grid.com/DigiCertGridRootCA.cer DigiCert Grid Root CA] and [http://digicert-grid.com/DigiCertGridCA-1.cer DigiCert Grid CA-1].  Either the "pem" (unix style) or the "der" (windows style) links should be recognized by your browser, but you only need one of them, not both. When prompted, click "Install".  You don't need anything except the CA Certificates for the DigiCert-Grid Grid-Only Trust CAs.
 
* You should receive an email back from OSG-PKI within three working days informing you that your certificate is ready, and giving instructions for how to retrieve it.
 
* You should receive an email back from OSG-PKI within three working days informing you that your certificate is ready, and giving instructions for how to retrieve it.
* Install the new certificate into your favorite browser(s).  It should be easy to figure out how to do this, and if not, plenty of help on this topic is available on the web for your particular browser.
+
* Install the new certificate into your favorite browser(s).  It should be easy to figure out how to do this, and if not, plenty of help on this topic is available on the web for your particular browser.  You may look [https://www.racf.bnl.gov/docs/howto/grid/osx-doegrids-safari here for guidance on how to install certificates into Safari].  
 
* Navigate to [https://gryphn.phys.uconn.edu:8443/voms/Gluex the Gluex VOMS web service] and fill out the form to register as a new Gluex user.
 
* Navigate to [https://gryphn.phys.uconn.edu:8443/voms/Gluex the Gluex VOMS web service] and fill out the form to register as a new Gluex user.
 
* Within one working day, the Gluex VOMS admin should respond to your request and grant you membership.
 
* Within one working day, the Gluex VOMS admin should respond to your request and grant you membership.

Revision as of 22:33, 10 January 2013

  • Follow the step-by-step instructions for requesting a certificate at https://oim.grid.iu.edu/oim/certificaterequestuser
  • For your Sponsor select "Gluex" from the pulldown list.
  • In the Sponsor text box, give the name of the GlueX collaboration contact person for your group.
  • You will get a request ID for tracking purposes.
  • Navigate to the DigiCert CA web site and install the trusted root certificates for the DigiCert CA. You can do this in your browser by clicking on the link after "CA Certificate". You want both the DigiCert Grid Root CA and DigiCert Grid CA-1. Either the "pem" (unix style) or the "der" (windows style) links should be recognized by your browser, but you only need one of them, not both. When prompted, click "Install". You don't need anything except the CA Certificates for the DigiCert-Grid Grid-Only Trust CAs.
  • You should receive an email back from OSG-PKI within three working days informing you that your certificate is ready, and giving instructions for how to retrieve it.
  • Install the new certificate into your favorite browser(s). It should be easy to figure out how to do this, and if not, plenty of help on this topic is available on the web for your particular browser. You may look here for guidance on how to install certificates into Safari.
  • Navigate to the Gluex VOMS web service and fill out the form to register as a new Gluex user.
  • Within one working day, the Gluex VOMS admin should respond to your request and grant you membership.
  • Verify that your new certificate is fully authorized on the OSG as a member of the Gluex VO by trying the following command in the unix shell where you installed your certificate. You will be prompted to enter the password that you specified when you created the certificate.
voms-proxy-init -dont-verify-ac -voms Gluex:/Gluex