Particle Physics Data Grid
A member of
  PPDG Registration Authority in the DOEGrids PKI

 

Important
Documents
and
Policies

 

DOEGrids CA

 

Help


Acknowledgements

US Physics Grid Projects

Scientific Discover through Advanced Computing
Notice to users
Webmaster

By requesting (and renewing) a certificate you indicate that you accept the Certificate Policy and Certificate Practice Statement and that you agree to the Subscriber Obligations specified in that document.

Before you may request a host or service certificate you must have a valid personal identity certificate issued by the DOESG CA.

If you want to request an identity certificate for yourself please go here.

The easiest way to get a service certificate is by using the command-line scripts. However, if you want to use the web interface, follow the instructions below. If you are ready to request your host or service certificate, then follow the step by step instructions below. If you need to renew a host or service certificate to replace one that is about to expire, you simply request a new one with the same name as the old one (same DN).

Step 0.

The DOEGrids CA issues certificates in the namespaces of:
OU=Services;DC=org;DC=doegrids

If your request ends up with O=Globus it needs to be changed to match the form above.  A tarfile with the right globus configuration files to make this the default is available at https://pki1.doegrids.org/Other/doegrids.tar.

Step 1. 

The instructions for the iVDGL RA are good for this step, see
http://www.lsc-group.phys.uwm.edu/ivdgl/RA/hostcertreq.html.

If you should get a certificate request with a subject like
/DC=doegrids/DC=org/OU=Services/CN=<something>.

If you get some other DN (like /O=Globus/O=Grid) then probably the configuration was incorrect and you should look at the doegrids/README.doegrids in the above mentioned tar file.

Step 2.  
Click here to open the request form.

Step 3.  
Cut and paste the certificate request - Starting with the line 
-----BEGIN CERTIFICATE REQUEST----- 
up to and including the line 
-----END CERTIFICATE REQUEST----- 
generated by grid-cert-request. Fill in your name, email and phone number and submit the form.

Step 4.  
When the CA has signed your certificate, you will receive an email message which contains a URL to the certificate. Follow that and and cut and paste the "Base64 encoded certificate" into the file hostcert.pem. You then need to install these files where the software can find them. In the case of host certificates it is in /etc/grid-security with the names hostcert.pem and hostkey.pem. For other server certificates, it is wherever your server wants it to be.

If there are error messages please copy them to trouble@es.net.

                       
Atlas BaBar CDF CMS DZero PHENIX STAR TJNAF
Condor Globus SRB SRM
www.ppdg.net www.griphyn.org www.ivdgl.org