1
UK e-Science CA and JCS Migration Status
Jens Jensen, John Kewley
EUGridPMA May 2015 København
2
Community
“UK e-Science”
GridPP
…?
UK eScience Status 29/12/2018
3
Staff (alphabetically)
Jens Jensen – CA manager, signing code, packaging scripts
David Kelsey – representing CA with PMAs
John Kewley – user support, packaging scripts
David Meredith – code for caportal and CW
Suleman Tariq – sysadmin and DR
4
Current Status
Currently continuing as before
  ~1700 valid distinct host certs
  ~800 valid distinct user certs
  ~10 distinct robots
  Total issuance >37000
Still adding RAs – 200 distinct operators in database
Still working with JANET on migration opportunities
  More on this in a later slide
Improving stuff
  CertWizard
  CAPortal
New CP has taken effect
  Tidying extensions
5
Renewals
Old stuff still around
  Some SHA1s still alive, sign as SHA2 upon renewal
  Even a few Netscape extensions, removed upon renewal
  Likewise -in-DN, ancient and deprecated
Disaster Recovery
  Improved DR for Root (ROBAB)
  Improved DR for SARoNGS
  Already good DR for 2B (semi-online, warm spare)
Future directions
  Likely to retire 2A (online) now
  Reimplement HSM?
  JCS migration
6
Risks
Not much effort
  Development, support, proactive stuff
  After the closure of NGS
  Trying to understand user communities (other than GridPP)
Ageing HSMs
  No in-plan recovery, must rebuild
  Considered “small” HSMs
  Some funding made available by STFC – but need to consider future
Self audit
7
Original UK eScience Certificate Hierarchy
[Diagram: certificate hierarchy. Box labels: Dev CA*; Training CA; Root 2007 CA; CA 2A (online); CA 2B (offline); SLCS Toplevel; SARoNGS; Climate CAs]
RIGroup Meeting 29/12/2018
8
Changes in the pipeline
Service certificate support (generally deprecated)
Turn off OpenCA i/f
  Downloads of CRLs on ca.grid-support.ac.uk ~ 5200/day
New PeCR scripts + maybe CertWizard CLI
SHA-2 (done)
  Requires a port of CertWizard to jGlobus2
IPv6
  Our CRLs should probably be made available to test
Key-pair generation – inline in caportal
Tweak certificate format for new Grid Certificate Profile (done)
9
When can we turn off OpenCA?
Previous OpenCA Interfaces:
  1. ca.grid-support.ac.uk: for Users
  2. ca-ra.grid-support.ac.uk/ra: for RA Operators
  3. ca-ra.grid-support.ac.uk/node: for CA Operators
1 and 2 replaced with caportal, 1 with CW
Lots of downloads of CRLs from ca.grid-support.ac.uk (5200/d)
“New” CDPs advertised for years – since 1.32 or so!?
10
JCS Migration
Aim is to migrate if possible
  Interface to QV for certificate issuance
Interfacing to CA
  Keep caportal and CW running, interfacing to QV?
  Ke
Identity management options – interim/future
  Keep existing RA network and identities (but DNs will change?)
  Use UKAMF (needs extra attributes – REFEDS)
  Use JISC Assent
Migration
  Change DNs!?
  Continuing support for robots, services?