The open archive for STFC research publications

Full Record Details

Persistent URL http://purl.org/net/epubs/work/61855
Record Status Checked
Record Id 61855
Title CertWizard: a New Certificate Tool for the UK NGI User Community
Abstract Users find applying for and renewing of their certificates hard. In fact one third of the tickets on the UK NGI Helpdesk in the last year were related to certificates: a common theme being browser issues. STFC staff have produced a browser-independent tool for managing the certificates of the UK NGI user community. This tool, combined with other service improvments, provides a simpler-to-use interface which is more efficient and fully integrated with our already established certificate tools. The NGS runs the world's 2nd largest Grid Certification Authority: the IGTF-accredited UK e-Science CA. It is trialing several innovations for x509 authentication including alternatives to year-long user certificates, but their use will be needed for some time. The CA certificate itself is due for renewal in 2011 and so the opportunity is being taken to make changes at all levels of the service. Up until now, users have used their browser to apply for and renew their certificates. As browsers have evolved there have been a variety of incompatibilities in the way they handle certificates and our list of unsupported browsers has grown. The solution was to write a stand-alone tool to manage these certificate requests without involving a browser. The tool also adds the facility to renew a recently expired certificate and change details such as the user's email address without having to revoke it and apply for a new one like now. It has also been merged with our existing VOMS-enabled MyProxy Upload Tool so that a single tool can be used to manage all the user's certificate interactions. Further work is already underway to add interfaces to provide analogous support for host certificates and for RA Operators to approve both user and host certificate requests. Although the CA part of our tool is tied in to the UK eScience CA, the interface provided is well-defined and would not take too much effort to generalise for other community CAs so we are keen to demonstrate its functionality at the User Forum in Lyon.
Organisation ESC , ESC-LHC , STFC , ESC-SCT
Keywords Engineering , CA myproxy voms certificate , authentication authorisation RA
Funding Information
Related Research Object(s):
Licence Information:
Language English (EN)
Type Details URI(s) Local file(s) Year
Presentation Presented at EGI Technical Forum 2011, Lyon, France, 19-23 Sep 2011. EGI-TF.ppt 2011