Presentation is loading. Please wait.

Presentation is loading. Please wait.

CertWizard: a New Certificate Tool for the UK NGI User Community John Kewley ( ), Jens Jensen, David Meredith and Akay Okcun 16/11/20151EGI.

Published byLester Maxwell Modified over 8 years ago

Similar presentations

Presentation on theme: "CertWizard: a New Certificate Tool for the UK NGI User Community John Kewley ( ), Jens Jensen, David Meredith and Akay Okcun 16/11/20151EGI."— Presentation transcript:

1 CertWizard: a New Certificate Tool for the UK NGI User Community John Kewley ( john.kewley@stfc.ac.uk ), Jens Jensen, David Meredith and Akay Okcun 16/11/20151EGI TF 2011

2 Outline 1.The UK e-Science CA 2.Problems with our CA Web Interface 3.CertWizard 4.Future Work 16/11/20152EGI TF 2011

3 The UK e-Science CA 2 nd largest Grid CA IGTF accredited classic CA 28,972 certificates issued 2,882 active currently RA network across UK academia (61 RAs with 112 RA Operators) 16/11/2015EGI TF 20113

4 The UK e-Science CA To support ancillary services we also have * 2x SLCS online CAs (SSO and SARoNGS) * 3x MyProxy Servers * 2x VOMS server * Training CA (for short-lived training certificates) * Test CA (for RA Training and testing)

5 UK eScience Root CA Hierarchy

6 Problems Many certificate problems on our helpdesk (typically browser issues) Browsers change, we can't support them all, especially on different platforms OpenCA s/w we use hasn't been kept up to date... and we had amended it! Website certificate not trusted by browsers 16/11/2015EGI TF 20116

7 "Hierarchitecture" 16/11/2015EGI TF 20117 SigningCA DB CertWizard server CertWizard client PeCR2OpenCABrowserPeCR/PCR

8 Features 1.Platform and browser independent 2.No CA Certificates to download first 3.Integrated into our existing MyProxyUploader 16/11/2015EGI TF 20118

9 Functionality Apply for a new certificate Renew an existing certificate Request revocation of a certificate Export/Backup your certificate Import a certificate Integrated into our proxy generation tool: – GSI “local” proxies – MyProxy upload – Adding VOMS attributes 16/11/2015EGI TF 20119

10 http://www.ngs.ac.uk/tools/certwizard 16/11/2015EGI TF 201110

11 Apply for a Certificate 16/11/2015EGI TF 201111

12 Renew Certificate 16/11/2015EGI TF 201112

13 Request Revocation 16/11/2015EGI TF 201113

14 Export/Backup 16/11/2015EGI TF 201114

15 Install Certificate Converts certificate to a usercert/userkey.pem pair for use by the proxy generation parts of the tool. 16/11/2015EGI TF 201115

16 Seamless Interworking Integrated with MyProxyUploader, our previous proxy generation tool Uploading to MyProxy servers Local Proxies Add VOMS attributes 16/11/2015EGI TF 201116

17 Configuration CA Certificates MyProxy servers VOMS servers Your Certificate 16/11/2015EGI TF 201117

18 MyProxyUploader 16/11/2015EGI TF 201118

19 Local Proxy 16/11/2015EGI TF 201119

20 VOMS attributes 16/11/2015EGI TF 201120

21 Further Work Adding an RA Tab Adding a tab for Host Certificates, including bulk requests Provision for email address changes Permit renewals within 1 month of expiry Upgrading underlying libraries 16/11/2015EGI TF 201121

22 Other Developments Rollover of CA Certificate Moving to an online CA Improved functionality for bulk requests Considering accreditation for our SLCS CA Restructuring of our CP/CPS 16/11/2015EGI TF 201122

23 Acknowledgements Jens Jensen, David Meredith and Akay Okcun Numerous other developers NGS STFC 16/11/201523EGI TF 2011

Download ppt "CertWizard: a New Certificate Tool for the UK NGI User Community John Kewley ( ), Jens Jensen, David Meredith and Akay Okcun 16/11/20151EGI."

Similar presentations

EGEE-II INFSO-RI-031688 Enabling Grids for E-sciencE www.eu-egee.org EGEE and gLite are registered trademarks MyProxy and EGEE Ludek Matyska and Daniel.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks MyProxy and EGEE Ludek Matyska and Daniel.
Jens G Jensen CCLRC e-Science Single Sign-on to the Grid Federated Access and Integrated Identity Management.

Jens G Jensen CCLRC e-Science Single Sign-on to the Grid Federated Access and Integrated Identity Management.
TNC 2008 / Short Lived Credential Service Implementation Based on National AAI Short Lived Credential Service Implementation Based on National AAI Emir.

TNC 2008 / Short Lived Credential Service Implementation Based on National AAI Short Lived Credential Service Implementation Based on National AAI Emir.
Contrail and Federated Identity Management

Contrail and Federated Identity Management
Efficient Support John Kewley UK NGI Support Centre Manager STFC Daresbury Laboratory 30th March 2010GridPP 26 (University of Sussex)1.

Efficient Support John Kewley UK NGI Support Centre Manager STFC Daresbury Laboratory 30th March 2010GridPP 26 (University of Sussex)1.
INFORMATION SYSTEMS SERVICES UNIVERSITY OF LEEDS Presentation to the UK e-Science Grid Workshop ‘Managing Access to Resources on the Grid’ e-Science Institute,

INFORMATION SYSTEMS SERVICES UNIVERSITY OF LEEDS Presentation to the UK e-Science Grid Workshop ‘Managing Access to Resources on the Grid’ e-Science Institute,
Open Science Grid Use of PKI: Wishing it was easy A brief and incomplete introduction. Doug Olson, LBNL PKI Workshop, NIST 5 April 2006 www.opensciencegrid.org.

Open Science Grid Use of PKI: Wishing it was easy A brief and incomplete introduction. Doug Olson, LBNL PKI Workshop, NIST 5 April
PKI Single Sign On & Auto Provisioning Frank Siebenlist (ANL) Rachana Ananthakrishnan (ANL) Charles Bacon (ANL)

PKI Single Sign On & Auto Provisioning Frank Siebenlist (ANL) Rachana Ananthakrishnan (ANL) Charles Bacon (ANL)
National Center for Supercomputing Applications MyProxy and GSISSH Update Von Welch National Center for Supercomputing Applications University of Illinois.

National Center for Supercomputing Applications MyProxy and GSISSH Update Von Welch National Center for Supercomputing Applications University of Illinois.
1 REUNA Certificate Authority Juan Carlos Martínez REUNA Chile Rio de Janeiro,27/03/2006, F2F meeting, TAGPMA.

1 REUNA Certificate Authority Juan Carlos Martínez REUNA Chile Rio de Janeiro,27/03/2006, F2F meeting, TAGPMA.
Open Science Grid Use of PKI: Wishing it was easy A brief and incomplete introduction. Doug Olson, LBNL PKI Workshop, NIST 5 April 2006.

Open Science Grid Use of PKI: Wishing it was easy A brief and incomplete introduction. Doug Olson, LBNL PKI Workshop, NIST 5 April 2006.
John Kewley e-Science Centre GIS and Grid Computing Workshop 13 th September 2005, Leeds Grid Middleware and GROWL John Kewley

John Kewley e-Science Centre GIS and Grid Computing Workshop 13 th September 2005, Leeds Grid Middleware and GROWL John Kewley
WebFTS as a first WLCG/HEP FIM pilot

WebFTS as a first WLCG/HEP FIM pilot
Slide 1 of 10 Client Digital Certificate Upgrade.

Slide 1 of 10 Client Digital Certificate Upgrade.
Jens G Jensen CCLRC e-Science Single Sign-on to the Grid Federated Access and Integrated Identity Management.

Jens G Jensen CCLRC e-Science Single Sign-on to the Grid Federated Access and Integrated Identity Management.
Federated A(A(A))I Jens Jensen hepsysman, RAL, 20110701.

Federated A(A(A))I Jens Jensen hepsysman, RAL,
CA Stuff Jens Jensen Dave Meredith John Kewley GridPP31, Imperial, London Sept. 2013.

CA Stuff Jens Jensen Dave Meredith John Kewley GridPP31, Imperial, London Sept
UNAMgrid CA Juan Carlos Guel UNAM, México. Alejandro Núñez UNAM, México. Israel Becerril UNAM, México. DGSCA UNAM 31/08/06.

UNAMgrid CA Juan Carlos Guel UNAM, México. Alejandro Núñez UNAM, México. Israel Becerril UNAM, México. DGSCA UNAM 31/08/06.
Tweaking the Certificate Lifecycle for the UK eScience CA John Kewley NGS Support Centre Manager & Service Manager for the UK e-Science CA

Tweaking the Certificate Lifecycle for the UK eScience CA John Kewley NGS Support Centre Manager & Service Manager for the UK e-Science CA
EGEE-II INFSO-RI-031688 Enabling Grids for E-sciencE www.eu-egee.org EGEE and gLite are registered trademarks Interoperability Shibboleth - gLite Christoph.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Interoperability Shibboleth - gLite Christoph.

Similar presentations

Ads by Google