1. Read and agree to the Subscriber Obligations specified in section 2.1.2 of theDOEGrids Certificate Policy and Certificate Practice Statement (CP/CPS).

   The CP/CPS is a PDF document you can find here.

2. Configure your web browser if necessary.

   We strongly recommend that you use the Netscape Navigator/Communicator browser or the Microsoft Internet ExplorerBrowser.

   Other browsers may or may not work and you are welcome to try but we do not have the resources to test each version of all available web browsers.

   If you are running more than one independent copy of your browser quit or close all copies and start with a fresh browser window. Multiple browser windows are fine, but multiple independent sessions may cause trouble with the browser's certificate and key database(s).

   Netscape browsers require JavaScript to be enabled and Microsoft IE browsers require activeX.

   Note for Microsoft IE users: Microsoft Hotfix Q323172 or equivalent is required to use IE to request your certificate. See Microsoft Security Bulletin MS02-048 for details.

   For convenience you should import the DOEGrids CA certificate chain into your web browser. To do so follow these steps:

   • Browse to http://pki1.doegrids.org/GetCAChain.html
   • Check the Import the CA certificate chain into your browser radio button.
   • Click the Submit button.
   • Follow your browser's instructions.

   If you receive a message indicating The Certificate that you are trying to download already exists in your database or similar, please proceed to the next step.

3. Determine your sponsor

   In order for your identity to be verified and matched to the request you must choose a sponsor. The sponsor will contact you after the request has been made and in a secure fashion will verify that you did indeed request a certificate.

   By clicking here you may open a new browser window that will contain the list of sponsors. Please choose the sponsor from your host institution. If a sponsor from your host institution is not listed you may choose another sponsor on the list that knows you and can verify that you are part of the iVDGL virtual organization (VO).

   In what follows you will need to cut and paste the sponsor's name into a web form.

   Note that some sponsors on the list are also designated RA staff for the PPDG RA and may choose to verify and/or sign requests via the PPDG RA.

4. Click here to open the request form

   Your web browser may ask you to accept the certificate that the DOEGrids CA web server is offering to your browser as identification. You should choose to accept the certificate so that you can view the necessary form.

5. Enter your full name and email address into the form.

   Do not use nicknames, login names, or anything other than your full name. Please provide your host-institution email address rather than a generic email address such as joeuser@hotmail.com.

   Note that when your cursor leaves the Full name text box the script will automatically append a number. This is done to ensure that the subject name on your certificate is unique. Do not try to remove the number.

6. Enter your contact information into the form.

   Please provide your host-institution email address rather than a generic email address such as joeuser@hotmail.com.

   Please also provide your host-institution phone number rather than a personal or cell-phone number.

   Please choose from the drop-down menu iVDGL as your affiliation or virtual organization.

7. Enter your sponsor's contact information.

   Please copy and paste your sponsor's name from the list of sponsors.

   Please provide your sponsor's email address and phone number.

8. Enter the name of your CS group or experiment into the Additional Comments text box on the form.

   If you are a CS researcher working on the iVDGL project please enter the name of your host institution. If you are part of a physics experiment (ATLAS, CMS, LIGO, SDSS, ...) please enter the name of the experiment.

9. If desired enter a challenge phrase password for certificate revocation.

   Note that this pass phrase is not the pass phrase used to protect the database of certificates and keys in your web browser, and it is not the pass phrase that will eventually protect your private key if you export it from your browser in order to use it with the Globus GSI grid-proxy-init.

   This challeng phrase password is only used in the event that you desire to revoke your certificate. It is completely optional.

10. Netscape: choose a key length of 1024
    Microsoft IE: choose Microsoft Enhanced Cryptographic Provider

    
    

11. Click the Submit button.

    
    

After clicking the Submit button a new private key will be generated for you and the certificate request will be sent to the DOEGrids CA. If you have not previously entered a password to protect the certificate database that your browser uses you will be asked to enter a password. If you forget the password you will lose all access to all of your certificates.

A new browser window should appear with the request ID for your request. Please make a note of the request ID. Should you need to contact the iVDGL RA staff about your request the request ID will be helpful.

If a new browser window does not appear with a request ID for your request then your request was not successfully processed. Please restart your browser and try again.

You will be notified by email when your certificate request has been signed and is ready to be retrieved. The email will contain a link that explains how to retrieve your certificate. You may also visit the link How to retrieve a signed certificate under the Personal Certificates heading on the left.

NOTE: If you are a system administrator or will need a Host or Service Certificate please submit a request to the iVDGL RA to be added to the privileged list for use of the GridAdmin system. See Request/Retrieve a Host Certificate.