Published by Preston McCarthy. Modified over 9 years ago.
1
UNAMgrid CA
Juan Carlos Guel, UNAM, México.
Alejandro Núñez, UNAM, México.
Israel Becerril, UNAM, México.
DGSCA UNAM, 31/08/06
2
What is UNAMgrid CA
The UNAMgrid CA provides X.509 certificates to the Mexican academic community and related entities for e-science.
It is located in the Departamento de Seguridad en Cómputo (UNAM-CERT/DSC) of the Dirección General de Servicios de Cómputo Académico (DGSCA) of the UNAM.
3
Web Site
The UNAMgrid site was created with the OpenCA tool, adapting its HTML code. The UNAMgrid site consists of:
– Offline CA
– Online RA
– Online Public Web Interface
4
CA information
The UNAMgrid CA will operate a secure repository that contains:
– The UNAMgrid CA certificate (available in PEM, CRT, CER, TXT) and all previous ones necessary to check still-valid certificates.
– A Certificate Revocation List (available in DER, PEM, TXT).
– A copy of the most recent version of this policy and all previous versions.
5
How to get a Certificate
A brief overview of this process is as follows:
1. Set your browser up to work with the Certificate Authority.
2. Request a certificate from the Certificate Authority.
3. Your nearest Registration Authority (RA) will then require a face-to-face meeting with you to verify your identity. They will need to see your photo ID.
6
4. The RA checks the PIN that you entered when requesting your certificate.
5. Then the RA checks that you are part of a recognized organization.
6. If all criteria are validated then the RA will approve the request.
7. The CA operator will review the approval and sign it.
8. You will be informed, by email, that your certificate is ready. The email will include the serial number and instructions about how to get your certificate.
7
Step 1: Setting up your browser to work with the CA
a) Go to the CA, located at http://www.unamgrid.unam.mx
b) Click “CA Information”, then “Get CA Certificate” and finally “CA Certificate in Browser Importable Format”.
8
c) Firefox will display a text box asking for what purposes the certificate should be trusted. Check all the boxes and click OK.
Internet Explorer (IE) will display a prompt asking whether to Open or Save the certificate. Click Open and then click 'Install Certificate', which is located in the certificate window that opens.
9
Step 2: Request a Certificate
To request a User Certificate, you will need to do the following:
a) Navigate to the CA at http://www.unamgrid.unam.mx
b) Click Certificates, then Request a Certificate and finally User Certificates.
10
c) You will see a form asking you for your details. You must fill in this form with your real name (first and last name must be provided and separated by a single space). Provide a valid email address and select the RA. Also enter a PIN that will be used to verify your identity.
11
d) You will see a confirmation form with the data that you entered. Review the details and then press Continue.
12
e) Your browser is now generating a key pair.
f) Wait a while for the browser to finish generating the key pair.
g) You will get a message saying that the request has been successful. Your RA will contact you shortly to arrange a face-to-face meeting.
13
Step 3: Download the Certificate
When your certificate is signed you will need to import it into your browser. To do this, navigate to the CA webpage at http://www.unamgrid.unam.mx, click Certificates, then Import Certificate into Browser, and enter the serial number given in the e-mail.
14
Verifying Import
When you have imported your certificate, test that it worked by doing the following:
a) Navigate to the CA webpage at http://www.unamgrid.unam.mx
b) Click Certificates and then Test Certificate.
15
d) Type in your Master Password (Firefox only).
e) You will be presented with a form. Click Sign.
16
f) Select the certificate you have just requested. Enter your Master Password and press OK.
g) You should see Valid Certificate on the Web page. If not, your private key and public key may have been corrupted and you should contact technical support.
17
Step 4: Downloading the Certificate Revocation List (CRL) into your browser
The Certificate Revocation List is a list of certificates that have been revoked and should not be trusted. You should have it imported into your browser; otherwise you may be tricked into connecting to a compromised site. To import the CRL into your browser:
a) Navigate to the CA at http://www.unamgrid.unam.mx
18
b) Click CA Info, then Certificate Revocation Lists and finally CRL in DER format.
c) Click Yes to setting up automatic update.
d) Check the box to allow automatic updates.
e) Click OK.
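What the imported CRL does during validation, as an added example that is not part of the original presentation: a throwaway CA issues two certificates, revokes one, publishes the CRL in DER, and `openssl verify -crl_check` accepts only the unrevoked one. The CA name, the users alice and bob and all file names are constructed for this demo, and it assumes the `openssl` command-line tool is installed.

```shell
# Added example: constructed throwaway CA; "Demo CA", alice and bob are made up.
crl_demo() {
  d=$(mktemp -d) || return 1
  (
    cd "$d" || exit 1
    mkdir newcerts && : > index.txt && echo 01 > serial
    cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = demo
[ demo ]
database = ./index.txt
new_certs_dir = ./newcerts
serial = ./serial
certificate = ./ca.pem
private_key = ./ca.key
default_md = sha256
default_days = 30
default_crl_days = 7
policy = pol
[ pol ]
commonName = supplied
EOF
    # Self-signed CA certificate in PEM, one of the formats the repository offers.
    openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -days 30 \
      -subj "/CN=Demo CA" -keyout ca.key -out ca.pem 2>/dev/null || exit 1
    for u in alice bob; do   # two user certificates signed by the demo CA
      openssl req -config ca.cnf -newkey rsa:2048 -nodes -subj "/CN=$u" \
        -keyout "$u.key" -out "$u.csr" 2>/dev/null || exit 1
      openssl ca -batch -notext -config ca.cnf -in "$u.csr" -out "$u.pem" 2>/dev/null || exit 1
    done
    # Revoke bob, then publish the CRL in DER (the format the browser imports).
    openssl ca -config ca.cnf -revoke bob.pem 2>/dev/null || exit 1
    openssl ca -config ca.cnf -gencrl 2>/dev/null |
      openssl crl -outform DER -out crl.der || exit 1
    openssl crl -inform DER -in crl.der -out crl.pem || exit 1  # DER -> PEM
    for u in alice bob; do   # verify each certificate against CA certificate + CRL
      if openssl verify -crl_check -CAfile ca.pem -CRLfile crl.pem "$u.pem" \
        >/dev/null 2>&1; then echo "$u: valid"; else echo "$u: rejected"; fi
    done
  )
  rc=$?; rm -rf "$d"; return $rc
}
crl_demo
```

Without `-crl_check` both certificates verify, because the signature on a revoked certificate is still good; only the CRL tells the verifier to reject it.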
19
Future work
Issue a new CA certificate with the following: C=mx, O=UNAMgrid, OU=UNAM, CN=CA
New CP/CPS: Version 2c
Modify the OpenCA source code to validate a person certificate when a new host/service request is generated.
20
Modify the OpenCA source code to send an e-mail to the CA Operator and RA Operator when a new request is generated; this will help make the signing process easier.
Create and publish “Howto”:
– How does a certificate work
– How to request a certificate
– How to revoke a certificate
– Prepare a certificate for use by Globus Toolkit
– Convert a certificate to/from PEM format
21
Comments??