Cert Wizard a New Certificate Tool for the
- Slides: 23
Cert. Wizard: a New Certificate Tool for the UK NGI User Community John Kewley (john. kewley@stfc. ac. uk), Jensen, David Meredith and Akay Okcun 27/02/2021 EGI TF 2011 1
Outline 1. 2. 3. 4. The UK e-Science CA Problems with our CA Web Interface Cert. Wizard Future Work 27/02/2021 EGI TF 2011 2
The UK e-Science CA • • • 2 nd largest Grid CA IGTF accredited classic CA 28, 972 certificates issued 2, 882 active currently RA network across UK academia (61 RAs with 112 RA Operators) 27/02/2021 EGI TF 2011 3
The UK e-Science CA To support ancillary services we also have * 2 x SLCS online CAs (SSO and SARo. NGS) * 3 x My. Proxy Servers * 2 x VOMS server * Training CA (for short-lived training certificates) * Test CA (for RA Training and testing)
UK e. Science Root CA Hierarchy
Problems • Many certificate problems on our helpdesk (typically browser issues) • Browsers change, we can't support them all, especially on different platforms • Open. CA s/w we use hasn't been kept up to date. . . and we had amended it! • Website certificate not trusted by browsers 27/02/2021 EGI TF 2011 6
"Hierarchitecture" Signing CA DB Cert. Wizard server Cert. Wizard client 27/02/2021 Open. CA Pe. CR 2 Browser EGI TF 2011 Pe. CR/PCR 7
Features 1. Platform and browser independent 2. No CA Certificates to download first 3. Integrated into our existing My. Proxy. Uploader 27/02/2021 EGI TF 2011 8
Functionality • • • Apply for a new certificate Renew an existing certificate Request revocation of a certificate Export/Backup your certificate Import a certificate Integrated into our proxy generation tool: – GSI “local” proxies – My. Proxy upload – Adding VOMS attributes 27/02/2021 EGI TF 2011 9
http: //www. ngs. ac. uk/tools/certwizard 27/02/2021 EGI TF 2011 10
Apply for a Certificate 27/02/2021 EGI TF 2011 11
Renew Certificate 27/02/2021 EGI TF 2011 12
Request Revocation 27/02/2021 EGI TF 2011 13
Export/Backup 27/02/2021 EGI TF 2011 14
Install Certificate Converts certificate to a usercert/userkey. pem pair for use by the proxy generation parts of the tool. 27/02/2021 EGI TF 2011 15
Seamless Interworking Integrated with My. Proxy. Uploader, our previous proxy generation tool • Uploading to My. Proxy servers • Local Proxies • Add VOMS attributes 27/02/2021 EGI TF 2011 16
Configuration • • CA Certificates My. Proxy servers VOMS servers Your Certificate 27/02/2021 EGI TF 2011 17
My. Proxy. Uploader 27/02/2021 EGI TF 2011 18
Local Proxy 27/02/2021 EGI TF 2011 19
VOMS attributes 27/02/2021 EGI TF 2011 20
Further Work • Adding an RA Tab • Adding a tab for Host Certificates, including bulk requests • Provision for email address changes • Permit renewals within 1 month of expiry • Upgrading underlying libraries 27/02/2021 EGI TF 2011 21
Other Developments • • • Rollover of CA Certificate Moving to an online CA Improved functionality for bulk requests Considering accreditation for our SLCS CA Restructuring of our CP/CPS 27/02/2021 EGI TF 2011 22
Acknowledgements • • Jensen, David Meredith and Akay Okcun Numerous other developers NGS STFC 27/02/2021 EGI TF 2011 23
- Certwizard
- Part 46 training
- Potter's tool is data cleaning tool
- Iso 22301 utbildning
- Typiska novell drag
- Tack för att ni lyssnade bild
- Vad står k.r.å.k.a.n för
- Varför kallas perioden 1918-1939 för mellankrigstiden
- En lathund för arbete med kontinuitetshantering
- Personalliggare bygg undantag
- Personlig tidbok
- Anatomi organ reproduksi
- Vad är densitet
- Datorkunskap för nybörjare
- Stig kerman
- Debattartikel struktur
- Delegerande ledarskap
- Nyckelkompetenser för livslångt lärande
- Påbyggnader för flakfordon
- Lufttryck formel
- Offentlig förvaltning
- Lyckans minut erik lindorm analys
- Presentera för publik crossboss
- Teckenspråk minoritetsspråk argument