CoEPP RC
 

Grid Certificates

The grid community relies heavily on user certificates for all functions that require authorized users (eg. grid job submission, data access tools, wikis, ticketing systems, monitoring websites etc.). An important part of managing a world wide certificate infrastructure (PKI) is the Certificate Authority (CA) that ensures people are who they say they are before they get issued with a user certificate.

The WLCG relies on the PKI infrastructure provided by the International Grid Trust Federations (IGTF).

Apply for User Grid Certificate

CoEPP users currently get their user grid certificates from AusCERT, and CERN. AusCERT publish some FAQs about grid certificates here: https://cs.auscert.org.au/resources/faq/grid-certificates

For CERN users, you can request a certificate here - CERN CA. For those who aren't CERN users, follow the instructions below.

Prerequisites for AusCERT

  • Photo ID (Government issued Driver's License or Passport) OR Work ID (University Staff or Student Card)

Procedure

  • 1. Scan your Photo ID or Work ID documents.
  • 3. Fill only the first page of the form (the second page will be filled by the authorised agent who will manage your request):
First name(s) Fill it as in your ID Card or Passport
Last name Fill it as in your ID Card or passport
E-mail address Your institutional email address at the University (*)
Organisation name (Sub-LRA) Your University name
Primary phone number Your office phone number
Passport / government ID country of issue The country which issued your ID
Passport / government ID number Your passport or ID Card number
Passport / government ID expiry date [YYYY-MM-DD]
Place and date
Sign the document

(*) Note: In Sydney case, the email has to end with @sydney.edu.au. If you don't have such an address (this is normally the case of students) they can create it as an alias to an existing Sydney Uni email, but you need to allow a day for the alias to activate.

  • 4. Scan the document and keep the original to bring to the face to face meeting.
  • 5. Send a request to the appropriate CA authority based on your location (see node specific sections below)
    • In this request, you should:
      1. Present who you are, where you work and what you do;
      2. Attach the scan of the previous filled form;
      3. Attach the scan of your photo ID and work ID documents (if you do not wish to send this info via email, just take a hard copy when you meet in person with the ICT staff member);
      4. Ask for a proper time to meet (the ICT staff member will need to certify your true identity in person).
  • 6. Meet with CA authority representative taking originals of forms and IDs (see node specific sections below)
  • 7. After the meeting (where you are just supposed to show your original IDs), you will receive an invitation and a password to access a AusCERT web form.
  • 8. Accept the invitation, fill this other web form, and submit it.
  • 9. After some time (minutes), you should receive an email with a link. It is very important that you use the same browser to access that link.
  • 10. Check that your new certificate appears under the certificate options of your browser.

CoEPP Sydney

Sydney CA authority person Lu Ka
Sydney CA authority contact email address (institutional) ict.support@sydney.edu.au
Sydney CA authority contact email address (personnel) ka.lu@sydney.edu.au
Sydney CA authority location Address: G12 – 22 Codrington Street Darlington NSW 2008 (10 minutes walking from the School of Physics)
Sydney CA authority phone +61 2 95636096
  • The CA authority contact prefers to receive requests via Sydney Uni ICT helpdesk (see Sydney institutional CA authority contact email address). If you do not receive an answer within 1 to 2 working days, please try the CA authority personnel contact email address.
  • Example email to send to arrange meeting (don't forget to attach scanned form and scanned ID documents):
Dear ICT support

Please assign this request to 'ICT Hosting' since this is the unit responsible for AUSGRID personnel grid certificates.

I am a student / researcher at the Centre of Excellence for Particle Physics (CoEPP) at the University of Sydney.

In order to proceed with my research work, in the framework of the ATLAS collaboration at CERN, I will need an AusCERT grid user certificate.

Please find in attachment my filled application form.

When can I meet you so that the process can go forward?

Kind Regards

CoEPP Melbourne

Melbourne CA authority person Lucien or Sean
Melbourne CA authority contact email address rc@coepp.org.au
Melbourne CA authority location David Caro Building Room 412
Melbourne CA authority phone +61 3 83447994 or +61 3 83448093

CoEPP Adelaide

Adelaide CA authority person Shuichi Sakai
Adelaide CA authority contact email address shuichi.sakai@adelaide.edu.au
Adelaide CA authority location 9 Gawler Place, Adelaide (ITS office)
Adelaide CA authority phone 08 831 31577
  • After you have received the contactaddress, send this email to arrange meeting with Adelaide CA rep (don't forget to attache scanned form and scanned ID documents):
    Dear XXXX
    
    I am a student / researcher at the Centre of Excellence for Particle Physics (CoEPP) at the University of Adelaide.
    
    In order to proceed with my research work, in the framework of the ATLAS collaboration at CERN, I will need a AusCERT grid user certificate. Please find in attachment my filled application form.
    
    When can I meet you so that the process can go forward?
    
    Kind Regards

local CA authority change

If the above contact details are invalid or out-of-date, please send an email to AusCert cs@auscert.org.au to find out who your local CA authority person is.

Dear AusCERT,

I am a student / researcher at the Centre of Excellence for Particle Physics (CoEPP) at the University of XXX.

In order to proceed with my research work, in the framework of the ATLAS collaboration at CERN, I will need a AusCERT grid user certificate.

Could you please give me the contact details of the local CA authority representative at the University of XXX?

Kind Regards

Australian CA History

The local Australian CA which is part of the IGTF is currently in a period of flux because the VPAC/APAC CA is being discontinued.

Schedule for CA cutover:

CA Start Date Last Renewal End Date
APACGrid Pre-2011 Feb-2013 Feb-2014
ASGCCA Feb-2013 Feb-2015 Feb-2016
AusCERT Feb-2015 - -

The Melbourne CoEPP Research Computing team members are Registration Authority Operators (RAO). This gives them the ability to approve certificate requests from our researcher community (ie. CoEPP staff and students). Sydney and Adelaide staff need to send an email to their University's respective IT security team to arrange a meeting with an RAO.

CERN CA

If you have personally visited CERN and have registered with ATLAS and CERN HR (you have shown your passport as a photo ID to CERN) you can also automatically generate a CERN user certificate. Although this is an option, CoEPP RC recommends that you also go through the process detailed above to get an Australian verified certificate. More information can be found at:

grid/certificates.txt · Last modified: 2018/04/16 14:55 by scrosby
 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
Recent changes RSS feed Donate Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki