CESNET

GILDA Certification

The EGEE induction course will make use of a demonstration grid called GILDA and a portal called GENIUS, both hosted at the University of Catania in Italy.  Access to both GILDA and GENIUS, in common with many Grid systems,  is controlled by means of a digital certificate.  

Participants in the course must therefore obtain a certificate for these systems before attending the course. As a security measure, the issuing of certificates is not automated and requires human intervention, so time must be allowed for this to happen. It is therefore suggested that applications for certificates be made at least 3 working days before the beginning of the course.

This document describes the steps required to obtain a GILDA certificate. Following them should allow you to obtain a valid certificate, which will initially be valid for 14 days but may be extended later for use in the course or after the end of the course.

Participants will also have to register with the GILDA Virtual Organisation (VO), which is the virtual work space on the GILDA grid within which we will be conducting the practical parts of the course. Instructions for doing this are also included in this guide. Related issues will be examined as part of the course.

Participants' actions required

Introduction

In order that Grid computing can be made secure, mechanisms are needed so that users can be recognised ("authentication") and the scope of their activities can be controlled ("authorisation"). The basis of this is a software "certificate", an encrypted file issued by a recognised "certification authority" (CA) and conforming to the X.509 standard. The user must request a certificate, giving their name, place of work, and email address. This request is then accepted or rejected by an authorised person at the CA. This process is carried out manually to enhance security.

Once issued, this certificate is used by the middleware to identify the user when accessing the Grid. For this to happen it must reside on a machine used by the Grid middleware. More precisely, the user's certificate is downloaded to a Grid once, using a secure protocol, and then a "proxy certificate" is created and it is this proxy, not the actual certificate, that is associated with each Grid request.

Security issues

In what follows you will set several usernames and passwords. Please remember them: there is no way to recover them if you lose them! This procedure is also explained on the GILDA website. The credentials are:

  • pass phrase and name given for the certificate
  • your GILDA testbed account name and password
  • the password associated with the exported certificate

NOTE: usernames must be under 8 characters. Use only letters and numbers in usernames and passwords/phrases: no spaces and none of !"?$%^&*()_-

Individual steps

1. Check that you have the following software on your computer: Mozilla 1.5 or later; or Internet Explorer 5 or later. GILDA software is tested only for these.

2. Before proceeding: note that three requests are made:

  • to obtain a CA certificate; this is then used in:
  • your request for your own certificate;
  • a request to join the GILDA Virtual Organisation.

3. Go to GILDA, the homepage of the GILDA dissemination testbed. The linked boxes show the processes required to access GILDA: before the course, the first two steps ("certification" and "register to the GILDA VO") must be completed. All these requests should be made from the same browser (because the certificates are installed into that browser).

When all 3 steps are done, then the certificate will be exported, and can be written to a CD, USB drive or to a floppy disk and MUST be brought to the EGEE course.

4. Follow the instructions found after selecting the "1) Certification" box near the top of the page. You will first request a certificate from the CA; this is sent to you. You will then request your personal certificate and, after a few hours, perhaps longer, receive an email giving the URL from which the certificate can be retrieved by the same browser you used to issue the requests.

5. Once you have your personal certificate, export it to disk so you can:

  • bring it to the course and
  • once at the EGEE course, use a secure file transfer protocol to upload it to GILDA.

To export a certificate using Microsoft Internet Explorer, follow these steps:

  • Open the Internet Properties Control Panel (also available in IE under the tools menu as Internet Options). Go to the Content tab and click on the "Certificates..." button.
  • Find and select the GILDA certificate then click the "Export..." button.
  • When prompted ensure that the Private Key is also exported.

To export a certificate using Mozilla, follow these steps:

  • From the Edit Menu - open Preferences. Expand "Privacy & Security" then select "Certificates".
  • Click the "Manage Certificates..." button.
  • Find and Select the Gilda Certificate then click the "Backup" button.
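
One way to check the exported file before bringing it to the course, as an added example that is not part of the original guide: it assumes the browser export produced a PKCS#12 file (.pfx or .p12) and that the `openssl` command-line tool is installed. The function names, file names and sample password are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a browser-exported certificate file (PKCS#12).
# The password is read from the P12_PASS environment variable so that it
# does not appear on the command line. All function names are hypothetical.

# p12_has_key FILE: succeeds only if FILE contains a private key.
p12_has_key() {
    openssl pkcs12 -in "$1" -nocerts -nodes -passin env:P12_PASS 2>/dev/null |
        grep -q "PRIVATE KEY"
}

# p12_not_expired FILE: succeeds if the user certificate is still valid now.
p12_not_expired() {
    openssl pkcs12 -in "$1" -nokeys -clcerts -passin env:P12_PASS 2>/dev/null |
        openssl x509 -noout -checkend 0 >/dev/null 2>&1
}

# p12_enddate FILE: prints the certificate's notAfter line.
p12_enddate() {
    openssl pkcs12 -in "$1" -nokeys -clcerts -passin env:P12_PASS 2>/dev/null |
        openssl x509 -noout -enddate
}

# make_samples DIR: constructed stand-ins for real exports. A self-signed
# 14-day certificate is written once with its key (good.p12) and once
# without it (nokey.p12), the mistake the export step warns about.
make_samples() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 14 \
        -subj "/O=Example/CN=Sample User" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null || return 1
    openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
        -passout env:P12_PASS -out "$1/good.p12" || return 1
    openssl pkcs12 -export -nokeys -in "$1/cert.pem" \
        -passout env:P12_PASS -out "$1/nokey.p12" || return 1
    rm -f "$1/key.pem"
}

P12_PASS=Sample1234; export P12_PASS    # constructed password
SAMPLES=$(mktemp -d) && make_samples "$SAMPLES"
for f in "$SAMPLES/good.p12" "$SAMPLES/nokey.p12"; do
    if p12_has_key "$f" && p12_not_expired "$f"; then
        echo "$f: usable, $(p12_enddate "$f")"
    else
        echo "$f: NOT usable (no private key, wrong password, or expired)"
    fi
done
```

To check a real export, set `P12_PASS` to the export password and call the three check functions on the exported file instead of the constructed samples.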

6. Register to the GILDA VO. Please tick the GILDA tick box to get this VO. This also requires manual intervention in Italy, so please also do this before the course.