This page gives a general overview of the iVDGL RA certificate request process. To actually request, retrieve, or learn how to use a DOEGrids certificate, please visit the appropriate link on the left.
Choosing a Sponsor
In order for your certificate request to be processed, you must identify a sponsor from a list of approved sponsors at the time of the request.
The list of approved sponsors is the group of people authorized to assist the RA with verifying the identity of you, the requestor. Each institution involved in the iVDGL project usually has at least one approved sponsor.
In order for the sponsor to verify your identity, it will be necessary for you and the sponsor to meet face-to-face or, if you have met face-to-face in the past, to have a telephone conversation.
Generating a Certificate Request and Public/Private Key Pairs
An X.509 certificate request and its associated public key are generated automatically by your web browser when you visit the appropriate DOEGrids CA web page. The script that is run automatically creates the appropriate and unique subject name for the certificate based on information you enter into a form. The script also automatically sends the request to the DOEGrids CA.
The associated private key is also automatically generated at the same time. It, however, is not sent to the CA. Rather, the private key is kept in a secure database that is part of your web browser. Later, after retrieving the signed certificate from the CA, you may export the certificate and private key into files that may be used with Globus GSI programs such as grid-proxy-init. Full instructions can be found via the links on the left.
A request for a host or service certificate, however, must be generated using the Globus program grid-cert-request and then cut and pasted into a form on the DOEGrids CA web page. Full instructions can be found via the links on the left.
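Because a host or service request is pasted by hand and the private key must never leave the host, a check of the text before it goes into the form is useful. The following is an added example, not code from DOEGrids, iVDGL or Globus; check_paste, sample_pem and the sample blocks are constructed for illustration, and passing expected="CERTIFICATE" applies the same check to a signed host certificate pasted into a file.

```python
import base64
import re

# PEM armor: -----BEGIN <label>-----, base64 body, -----END <label>-----
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)

def check_paste(text, expected="CERTIFICATE REQUEST"):
    """Return a list of problems with text about to be pasted; an empty list means it looks right."""
    problems = []
    # Covers RSA/EC/PKCS#8/encrypted key labels, even if the END line was cut off.
    if "PRIVATE KEY-----" in text:
        problems.append("contains a private key block; the key must stay on the host")
    bodies = [body for label, body in PEM_BLOCK.findall(text) if label == expected]
    if len(bodies) != 1:
        problems.append(f"expected exactly one complete {expected} block, found {len(bodies)}")
    for body in bodies:
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:  # binascii.Error is a ValueError: bad or lost characters
            problems.append(f"{expected} body is not valid base64 (truncated or altered paste?)")
            continue
        if der[:1] != b"\x30":  # requests and certificates are DER SEQUENCEs
            problems.append(f"{expected} body does not decode to a DER SEQUENCE")
    return problems

def sample_pem(label, payload):
    """Build a constructed PEM block; the payload is placeholder bytes, not a real request or key."""
    b64 = base64.b64encode(b"\x30\x19" + payload).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return f"-----BEGIN {label}-----\n" + "\n".join(lines) + f"\n-----END {label}-----\n"

# Constructed sample input, not output of grid-cert-request.
SAMPLE_REQUEST = sample_pem("CERTIFICATE REQUEST", b"constructed request bytes")
SAMPLE_KEY = sample_pem("RSA PRIVATE KEY", b"constructed key bytes 123")

if __name__ == "__main__":
    print(check_paste(SAMPLE_REQUEST))               # request alone
    print(check_paste(SAMPLE_REQUEST + SAMPLE_KEY))  # key pasted along with it
```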
Authenticating Your Request
As part of the request process, you will enter your name, email address, and telephone number into the form on the DOEGrids CA web page. You will also enter the name of the sponsor from your institution or the name of another sponsor if you are known to the sponsor.
Upon receiving the certificate request, the DOEGrids CA will notify the iVDGL RA staff that a request is pending. The iVDGL RA staff will contact the sponsor listed on your request and ask them to verify with you that you did indeed make a certificate request. After the sponsor has verified your request, he or she will confirm this with the iVDGL RA staff person responsible for signing certificates. That person will then sign the certificate, and you will receive an email notifying you that the signed certificate is available to be retrieved.
Note for LIGO/LSC users: After verifying your request, your local sponsor will contact the Group Leader for Data and Computing at the LIGO Laboratory (currently Albert Lazzarini), who will in turn contact the iVDGL RA staff person responsible for signing certificates.
Retrieving Your Signed Certificate
Personal certificates are retrieved by visiting a web page at the DOEGrids CA web site. The certificate will be automatically retrieved by your web browser and placed into the database of certificates that your web browser keeps. Your certificate and private key may later be exported to PEM-encoded plain-text files for use with Globus GSI programs like grid-proxy-init.
Host or service certificates are available as PEM-encoded plain-text files on a web page and must be cut and pasted into the appropriate file.