Difference between revisions of "Requesting a grid certificate using the Terena eScience Portal"

From SNIC Documentation
Jump to: navigation, search
(Refer to dedicated pages instead of duplicating stuff)
Line 5: Line 5:
 
[[Grid_certificates|< Grid certificates]]
 
[[Grid_certificates|< Grid certificates]]
  
 +
NEWS: In July 2015 the TERENA TCS service switched backend provider from Comodo to DigiCert. That also meant switching the grid certificate portal from the TERENA-run Confusa service (https://tcs-escience.sunet.se for the SUNET instance) to a vendor-provided portal (https://digicert.com/sso/). Also, TERENA has been merged/renamed and is now ​GÉANT.
  
The Terena eScience Portal is an effort to provide users with a tool for requesting grid-certificates using the credentials from their home-institution or university.  
+
These instructions have been updated to point to the new service, but they could be improved with screenshots, more explanations etc. Please feel free to work on them.
  
To request a Terena eScience Certificate go to the following URL: https://tcs-escience.sunet.se
+
To request a TCS grid certificate
  
'''It's vital that you DON'T use <nowiki>https://tcs-personal.sunet.se</nowiki>. This is a very similar portal, but you will not get a certificate that is usable in the grid community like DEISA, Swegrid and Swestore.'''
+
1. Go to  https://digicert.com/sso
  
A screencast version of this instruction is available [http://snicdocs.nsc.liu.se/wiki/Requesting_a_grid_certificate_using_the_Terena_eScience_Portal_(Video) here].
+
2. Type the first characters of your university (or similar) and then select the Identity Provider to use for login.
  
The detailed procedure is as follows:
+
3. Login at your home university.
  
1. Click "Login"
+
4. Select the ''Grid Premium'' product.
  
2. If requested, click on Sweden on the map.
+
5. Normally, leave the CSR field blank to get a key generated in your browser.
  
3. Choose your identity provider in the drop down box. This is usually your home university.
+
6. Press "Request Certificate".
  
4. Login using your credentials from your identity provider (your university).
+
7. Your certificate is generated and should be automatically imported into your browser.
 
 
You should now arrive to a "home" page that shown below:
 
 
 
[[File:terena1.png|600px]]
 
 
 
5. Click on the "My certificates" link in the top left side of the page. You should then arrive to a page from which you will create and manage your certificates.
 
 
 
[[File:terena2.png|600px]]
 
 
 
 
 
6. To create a new certificate, click on the "New certificate" link. Follow the instructions, clicking '''next''' where possible (the defaults are usually OK). When the process is completed your certificate will be listed on the same page.
 
 
 
7. Install the signed certificate in your browser by clicking on the "Install in keystore" link. This will install the certificate in the key-store of your browser. On Mac OSX, most browsers (except Firefox) will instead offer to save the certificate file by default, and in order to use it you must import it to your keychain. You can for example do this by double clicking it in the finder.
 
 
 
'''The resulting certificate Subject or DN should at this point start with "/DC=org/DC=terena/DC=tcs/". If it starts with "/C=SE/O=YOUR SITE/" then you have the wrong type of certificate. Please make sure you use the right portal above. If the problem persists, please contact support@swegrid.se before proceeding'''
 
  
 
=== Exporting the Terena certificate for use with Grid tools ===
 
=== Exporting the Terena certificate for use with Grid tools ===

Revision as of 08:27, 1 September 2015

< Grid certificates

NEWS: In July 2015 the TERENA TCS service switched backend provider from Comodo to DigiCert. That also meant switching the grid certificate portal from the TERENA-run Confusa service (https://tcs-escience.sunet.se for the SUNET instance) to a vendor-provided portal (https://digicert.com/sso/). Also, TERENA has been merged/renamed and is now ​GÉANT.

These instructions have been updated to point to the new service, but they could be improved with screenshots, more explanations etc. Please feel free to work on them.

To request a TCS grid certificate

1. Go to https://digicert.com/sso

2. Type the first characters of your university (or similar) and then select the Identity Provider to use for login.

3. Login at your home university.

4. Select the Grid Premium product.

5. Normally, leave the CSR field blank to get a key generated in your browser.

6. Press "Request Certificate".

7. Your certificate is generated and should be automatically imported into your browser.

Exporting the Terena certificate for use with Grid tools

To use the Terena certificates with the ARC grid client they have to be exported from the browser and converted into a suitable format.

See Exporting a client certificate for detailed instructions on how to export a Terena certificate from the most popular browsers.

See Preparing a client certificate for detailed instructions on how to prepare the exported certificate for use with grid tools.