CertWizard: a New Certificate Tool for the UK NGI User Community
John Kewley, Jens Jensen, David Meredith and Akay Okcun
16/11/2015, EGI.

Presentation transcript:

CertWizard: a New Certificate Tool for the UK NGI User Community
John Kewley, Jens Jensen, David Meredith and Akay Okcun
16/11/2015, EGI TF 2011

Outline
1. The UK e-Science CA
2. Problems with our CA Web Interface
3. CertWizard
4. Future Work

The UK e-Science CA
* 2nd largest Grid CA
* IGTF accredited classic CA
* 28,972 certificates issued
* 2,882 active currently
* RA network across UK academia (61 RAs with 112 RA Operators)

The UK e-Science CA
To support ancillary services we also have
* 2x SLCS online CAs (SSO and SARoNGS)
* 3x MyProxy Servers
* 2x VOMS server
* Training CA (for short-lived training certificates)
* Test CA (for RA Training and testing)

UK eScience Root CA Hierarchy

Problems
* Many certificate problems on our helpdesk (typically browser issues)
* Browsers change, we can't support them all, especially on different platforms
* OpenCA s/w we use hasn't been kept up to date... and we had amended it!
* Website certificate not trusted by browsers

"Hierarchitecture"
[Diagram; labels: SigningCA, DB, CertWizard server, CertWizard client, PeCR2, OpenCA, Browser, PeCR/PCR]

Features
1. Platform and browser independent
2. No CA Certificates to download first
3. Integrated into our existing MyProxyUploader

Functionality
* Apply for a new certificate
* Renew an existing certificate
* Request revocation of a certificate
* Export/Backup your certificate
* Import a certificate
* Integrated into our proxy generation tool:
  – GSI “local” proxies
  – MyProxy upload
  – Adding VOMS attributes


Apply for a Certificate

Renew Certificate

Request Revocation

Export/Backup

Install Certificate
Converts certificate to a usercert/userkey.pem pair for use by the proxy generation parts of the tool.
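
As an added illustration of the conversion named on the Install Certificate slide (not CertWizard's own code and not part of the presentation), the same kind of split done by hand with the OpenSSL command line. It assumes the certificate was exported as a PKCS#12 bundle; the function names and the P12_PASS environment variable are this example's own.

```shell
#!/bin/sh
# Added example. The passphrase is read from the P12_PASS environment
# variable (an assumption of this example) so it never appears in argv.

# split_p12 BUNDLE OUTDIR: write OUTDIR/usercert.pem and OUTDIR/userkey.pem
split_p12() {
    p12=$1; out=$2
    mkdir -p "$out" || return 1
    # Certificate only (no key, no CA chain); it is public, so 644 is fine.
    openssl pkcs12 -in "$p12" -clcerts -nokeys -passin env:P12_PASS \
        -out "$out/usercert.pem" 2>/dev/null || return 1
    chmod 644 "$out/usercert.pem"
    # Key only, re-encrypted under the same passphrase. The subshell umask
    # keeps the file private from the moment it is created.
    ( umask 077
      openssl pkcs12 -in "$p12" -nocerts -passin env:P12_PASS \
          -passout env:P12_PASS -out "$out/userkey.pem" 2>/dev/null ) || return 1
    chmod 400 "$out/userkey.pem"
}

# pair_matches CERT KEY: succeed only if the key belongs to the certificate,
# by comparing the public key embedded in each.
pair_matches() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -passin env:P12_PASS -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# make_demo_p12 OUTFILE: constructed throwaway self-signed identity, so the
# functions above can be tried without a real certificate.
make_demo_p12() {
    t=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo user" \
        -keyout "$t/k.pem" -out "$t/c.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$t/k.pem" -in "$t/c.pem" \
        -passout env:P12_PASS -out "$1"
    rc=$?; rm -rf "$t"; return $rc
}
```

Running pair_matches after split_p12 catches a certificate paired with the wrong key before a proxy generation step fails on it.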

Seamless Interworking
* Integrated with MyProxyUploader, our previous proxy generation tool
* Uploading to MyProxy servers
* Local Proxies
* Add VOMS attributes

Configuration
* CA Certificates
* MyProxy servers
* VOMS servers
* Your Certificate

MyProxyUploader

Local Proxy

VOMS attributes

Further Work
* Adding an RA Tab
* Adding a tab for Host Certificates, including bulk requests
* Provision for address changes
* Permit renewals within 1 month of expiry
* Upgrading underlying libraries

Other Developments
* Rollover of CA Certificate
* Moving to an online CA
* Improved functionality for bulk requests
* Considering accreditation for our SLCS CA
* Restructuring of our CP/CPS

Acknowledgements
* Jens Jensen, David Meredith and Akay Okcun
* Numerous other developers
* NGS
* STFC