Download presentation
Presentation is loading. Please wait.
Published byLester Maxwell Modified over 9 years ago
1
CertWizard: a New Certificate Tool for the UK NGI User Community John Kewley ( john.kewley@stfc.ac.uk ), Jens Jensen, David Meredith and Akay Okcun 16/11/20151EGI TF 2011
2
Outline 1.The UK e-Science CA 2.Problems with our CA Web Interface 3.CertWizard 4.Future Work 16/11/20152EGI TF 2011
3
The UK e-Science CA 2 nd largest Grid CA IGTF accredited classic CA 28,972 certificates issued 2,882 active currently RA network across UK academia (61 RAs with 112 RA Operators) 16/11/2015EGI TF 20113
4
The UK e-Science CA To support ancillary services we also have * 2x SLCS online CAs (SSO and SARoNGS) * 3x MyProxy Servers * 2x VOMS server * Training CA (for short-lived training certificates) * Test CA (for RA Training and testing)
5
UK eScience Root CA Hierarchy
6
Problems Many certificate problems on our helpdesk (typically browser issues) Browsers change, we can't support them all, especially on different platforms OpenCA s/w we use hasn't been kept up to date... and we had amended it! Website certificate not trusted by browsers 16/11/2015EGI TF 20116
7
"Hierarchitecture" 16/11/2015EGI TF 20117 SigningCA DB CertWizard server CertWizard client PeCR2OpenCABrowserPeCR/PCR
8
Features 1.Platform and browser independent 2.No CA Certificates to download first 3.Integrated into our existing MyProxyUploader 16/11/2015EGI TF 20118
9
Functionality Apply for a new certificate Renew an existing certificate Request revocation of a certificate Export/Backup your certificate Import a certificate Integrated into our proxy generation tool: – GSI “local” proxies – MyProxy upload – Adding VOMS attributes 16/11/2015EGI TF 20119
10
http://www.ngs.ac.uk/tools/certwizard 16/11/2015EGI TF 201110
11
Apply for a Certificate 16/11/2015EGI TF 201111
12
Renew Certificate 16/11/2015EGI TF 201112
13
Request Revocation 16/11/2015EGI TF 201113
14
Export/Backup 16/11/2015EGI TF 201114
15
Install Certificate Converts certificate to a usercert/userkey.pem pair for use by the proxy generation parts of the tool. 16/11/2015EGI TF 201115
16
Seamless Interworking Integrated with MyProxyUploader, our previous proxy generation tool Uploading to MyProxy servers Local Proxies Add VOMS attributes 16/11/2015EGI TF 201116
17
Configuration CA Certificates MyProxy servers VOMS servers Your Certificate 16/11/2015EGI TF 201117
18
MyProxyUploader 16/11/2015EGI TF 201118
19
Local Proxy 16/11/2015EGI TF 201119
20
VOMS attributes 16/11/2015EGI TF 201120
21
Further Work Adding an RA Tab Adding a tab for Host Certificates, including bulk requests Provision for email address changes Permit renewals within 1 month of expiry Upgrading underlying libraries 16/11/2015EGI TF 201121
22
Other Developments Rollover of CA Certificate Moving to an online CA Improved functionality for bulk requests Considering accreditation for our SLCS CA Restructuring of our CP/CPS 16/11/2015EGI TF 201122
23
Acknowledgements Jens Jensen, David Meredith and Akay Okcun Numerous other developers NGS STFC 16/11/201523EGI TF 2011
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.