Presentation is loading. Please wait.

Presentation is loading. Please wait.

Co-ordination & Harmonisation of Advanced e-Infrastructures for Research and Education Data Sharing Research Infrastructures Grant Agreement n. 306819.

Published byDamian Hicks Modified over 7 years ago

Similar presentations

Presentation on theme: "Co-ordination & Harmonisation of Advanced e-Infrastructures for Research and Education Data Sharing Research Infrastructures Grant Agreement n. 306819."— Presentation transcript:

1 Co-ordination & Harmonisation of Advanced e-Infrastructures for Research and Education Data Sharing Research Infrastructures Grant Agreement n. 306819 RA Registration Christos Kanellopoulos GRNET SAGrid All-Hands Meeting, 26 March 2013

2 Overview “SEE-GRID CA is a Certification Authority managed and operated by the GRNET S.A., coordinator of the Greek National Grid Initiative, in cooperation with the Scientific Computing Center at the Aristotle University of Thessaloniki.” 2

3 History July 2004 and April 2010, SEE-GRID CA had been operating in the context of the SEE-GRID Regional Grid Infrastructure project series (SEE-GRID-I 2004-2006, SEE-GRID-II 2006-2008, SEE-GRID-SCI 2008-2010) with the mandate to provide catch all PKI services to the wider region of South Eastern Europe in order to facilitate the needs of distributed computing and pave the way for the countries in the region to establish their own national Public Key Infrastructure and guide them through the IGTF accreditation process Since May 2010, SEE-GRID CA provides Catch-All PKI services for the European Grid Initiative (EGI.eu) in the context of EGI-InSPiRe Project. 3

4 Registration Authorities  The procedures of identification and authentication of the certificate applicants are performed by trusted individuals (Registration Authorities), appointed by the SEE-GRID CA. 4 CountryRegistration Authority / Organization GreeceGRNET AlbaniaPolytechnic University of Tiranata Bosnia and HerzegovinaUniversity of Banja Luka Bosnia and HerzegovinaUniversity of Sarajevo GeorgiaGRENA AzerbaijanNational Academy of Sciences SenegalUniversity Chaukh Anta DIOP SwitzerlandSixSq

5 How to Create a Registration Authority  In order to setup a SEE-GRID CA Registration Authority:  an official request from a legal representative of the Institute or Organization  The formal name of the institute  The person (name, contact information) of the person who will act as the RA Manager for the Institute/Organization  The person(s) (name, contact information) who will act as the RA operator(s) for the institute  A template for the request letter can be found here:  http://see-grid-ca.hellasgrid.gr/assets/SEE-GRID-CA-RA-Assignment.docx http://see-grid-ca.hellasgrid.gr/assets/SEE-GRID-CA-RA-Assignment.docx 5

6 How to Create a Registration Authority  The request must be sent to the SEE-GRID CA headquarters by mail  as this usually delays the procedure, we ask the applicants to send us also a scanned version via email in order to speed up the process.  When we receive the e-mail, we can organize a video call with the applicant in order to finalize the process  The RA Manager should be staff of the Institute/Organization  {S}he will be the main contact point between SEE-GRID CA and the Institute/Organization.  The RA manager can appoint one or more RA Operator(s) who will perform the day to day tasks 6

7 How to Create a Registration Authority  The RA operator is technical role. Has the duty to:  schedule face to face meetings with applicants in order to validate their requests,  keep the necessary records and forward the validated requests to the SEE-GRID CA.  It it not uncommon that the RA Manager also performs the duties of the RA Operator where the number of certificate requests does not justify the allocation of more resources 7

8 Identity Vetting  Physical Person:  The subject must contact the RA in person, in order to have his/her identity vetted and to verify the validity of the request.  The authentication of the subject is performed through the presentation of a valid photo ID document or passport.  In cases where the subject resides in a remote geographical location and access to an RA is not possible, identity vetting may be performed via video call.  In this case, an authenticated photocopy of the required document (ID document or passport must be delivered by mail or courier service to the RA prior to this online meeting.  Authenticated photocopy refers to the verification made by a legally accepted notary public under the law of the country where the RA operates 8

9 Identity Vetting  Digital Processing Entity or Service  The entity must already have a valid DNS entry and be in the administration domain of the applicant.  The system administrator requesting the certificate must use his/her personal certificate, issued by an IGTF accredited CA,  to authenticate to the SEE-GRID CA web portal or digitally sign the e-mail in order to submit the certificate request 9

10 Identity Vetting  Robot:  At least one of the responsible persons for the operations of the Robot must use his/her personal certificate to digitally sign the e- mail in order to submit the certificate request. 10

11 How to generate a Certificate Request  In order to generate a Certificate Request you need access to a machine with OpenSSL installed  Substitute {Country Code} with the two letter ISO 3166-1 Alpha-2 code of the country in capital letters.  Substitute {People|Hosts} with People if this request is for a personal certificate or Hosts if the request os made for a host, service or robot certificate.  Substitute {Institution Name} with the full name of your institution (for example Greek Research and Technology Network)  Substitute {Firstname Lastname} with your First and Last name. You may add your initials in between the First and Last name if you desire. 11 $ openssl req -newkey rsa:2048 –subj > "/DC=EU/DC=EGI/C={Country Code}/O={People|Hosts}/O={Institution Name}/ > CN={Firstname Lastname}" > -out cert_request.pem

12 Further Information  How to set up a new SEE-GRID CA Registration Authority  http://see-grid-ca.hellasgrid.gr/pages/setting-up-a-see-grid-ca- registration-authority http://see-grid-ca.hellasgrid.gr/pages/setting-up-a-see-grid-ca- registration-authority  How to change over a SEE-GRID CA Registration Authority  http://see-grid-ca.hellasgrid.gr/pages/change-over-a-see-grid-ca- registration-authority http://see-grid-ca.hellasgrid.gr/pages/change-over-a-see-grid-ca- registration-authority  How to create a certificate request  http://see-grid-ca.hellasgrid.gr/pages/certificate-requests/ http://see-grid-ca.hellasgrid.gr/pages/certificate-requests/ 12

Download ppt "Co-ordination & Harmonisation of Advanced e-Infrastructures for Research and Education Data Sharing Research Infrastructures Grant Agreement n. 306819."

Similar presentations

TEAs UserAdministration+ The paperless way to apply for access to TEA SE and its web applications Revised July 2006 [Click mouse to advance from slide.

TEAs UserAdministration+ The paperless way to apply for access to TEA SE and its web applications Revised July 2006 [Click mouse to advance from slide.
Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.

Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.
Digital Certificate Installation & User Guide For Class-2 Certificates.

Digital Certificate Installation & User Guide For Class-2 Certificates.
Installation & User Guide

Installation & User Guide
Digital Certificate Installation & User Guide For Class-2 Certificates.

Digital Certificate Installation & User Guide For Class-2 Certificates.
Digital Certificate Installation & User Guide For Class-2 Certificates.

Digital Certificate Installation & User Guide For Class-2 Certificates.
Academia Sinica Grid Computing Certification Authority (ASGCCA) Yuan, Tein Horng Academia Sinica Computing Centre 13 June 2003.

Academia Sinica Grid Computing Certification Authority (ASGCCA) Yuan, Tein Horng Academia Sinica Computing Centre 13 June 2003.
CNIC Grid CA/SDG CA Self Audit Kejun (Kevin) Dong Computer Network Information Center (CNIC) Chinese Academy of Sciences APGridPMA F2F.

CNIC Grid CA/SDG CA Self Audit Kejun (Kevin) Dong Computer Network Information Center (CNIC) Chinese Academy of Sciences APGridPMA F2F.
Online Substantive Process LINE MANAGERS Self Teach Tutorial April 2008 Version 1.0.

Online Substantive Process LINE MANAGERS Self Teach Tutorial April 2008 Version 1.0.
Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.

Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.
ESign-Online Digital Signature Service February 2015 Controller of Certifying Authorities Department of Electronics and Information Technology Ministry.

ESign-Online Digital Signature Service February 2015 Controller of Certifying Authorities Department of Electronics and Information Technology Ministry.
David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.

David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.
Federation of Campus PKI and Grid PKI for Academic GOC Management Conformable to APGrid PMA National Institute of Informatics, JAPAN Toshiyuki Kataoka,

Federation of Campus PKI and Grid PKI for Academic GOC Management Conformable to APGrid PMA National Institute of Informatics, JAPAN Toshiyuki Kataoka,
1 REUNA Certificate Authority Juan Carlos Martínez REUNA Chile Rio de Janeiro,27/03/2006, F2F meeting, TAGPMA.

1 REUNA Certificate Authority Juan Carlos Martínez REUNA Chile Rio de Janeiro,27/03/2006, F2F meeting, TAGPMA.
The 4BF The Four Bridges Forum Higher Education Bridge Certificate Authority.

The 4BF The Four Bridges Forum Higher Education Bridge Certificate Authority.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
03 December 2003 Digital Certificate Operation in a Complex Environment Consultation/Stakeholders Meeting 3 December 2003.

03 December 2003 Digital Certificate Operation in a Complex Environment Consultation/Stakeholders Meeting 3 December 2003.
1 The HRSA Electronic Handbooks (EHBs) Judy Ceresa HRSA - Division of Grants Policy Elisa Peet HRSA Call Center August 27, 2007.

1 The HRSA Electronic Handbooks (EHBs) Judy Ceresa HRSA - Division of Grants Policy Elisa Peet HRSA Call Center August 27, 2007.
Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.

Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.
CILogon OSG CA Mine Altunay Jim Basney TAGPMA Meeting Pittsburgh May 27, 2015.

CILogon OSG CA Mine Altunay Jim Basney TAGPMA Meeting Pittsburgh May 27, 2015.

Similar presentations

Ads by Google