Go to:
Esta Página em Português   Contextual Help is not available   
Você está em: TIC > Computing > 0
Authentication




LIP Register Authority Services – Procedure to Obtain X509 Certificates

The University of Porto is a register authority of the LIP Certification Authority.

Users at the University of Porto who want to participate in projects in the field of Grid Computing (national and international) need X.509 certificates. For this purpose, they must use the public interface in https://ca.lip.pt/up/pub and then follow the instructions below:

Request User Certificate
Request Host Certificate
Request Service Certificate
Certificate Backup
Converting the User Certificate
Converting the Host Certificate
Converting the Service Certificate
RA Contacts

Request User Certificate

To request a user certificate, go to https://ca.lip.pt/up/pub and in tab User -> Request a Certificate select the option according to the type of browser in use or through the automatic browser detection (Request a certificate with automatic browser detection) - this is the option we recommend.
Fill in the form data bearing in mind the following:

  • Use the institutional e-mail
  • Select the organic unit to which you belong in "Certificate Request Group"
  • Do not use diacritical marks (accents or cedilla) in the parameter Name
  • Do not fill in parameter DNS
  • Enter parameter Role as User

You must then fill in the form in http://ca.lip.pt/docs/cert-pessoal.pdf. The current procedure applicable to the CA (Certification Authority) implies providing the AR at the U.Porto with documentary evidence of your identity (ID card, driving license, passport), to validate your request.

Request Host Certificate

To request a host certificate, go to https://ca.lip.pt/up/pub and in tab User -> Request a Certificate select the option according to the type of browser in use or through the automatic browser detection (Request a certificate with automatic browser detection) - this is the option we recommend.
Fill in the form data bearing in mind the following:

  • Use the institutional e-mail
  • In "Certificate Data", fill in Name and DNS with the information in the DNS
  • Do not use diacritical marks (accents or cedilla) in the parameter Name
  • Select the organic unit to which you belong in "Certificate Request Group"
  • Enter parameter Role as Web Server

You must then fill in the form in http://ca.lip.pt/docs/cert-servidor.pdf. The current procedure applicable to the CA implies providing the AR at the U.Porto with documentary evidence of your identity (ID card, driving license, passport), to validate your request.

Request Service Certificate

To request a service certificate, go to https://ca.lip.pt/up/pub and in tab User -> Request a Certificate select the option according to the type of browser in use or through the automatic browser detection (Request a certificate with automatic browser detection) - this is the option we recommend.
Fill in the form data bearing in mind the following:

  • Use the institutional e-mail
  • In "Certificate Data", fill in Name with the service name followed by the DNS of the equipment (e.g.: voms/grid.up.pt )
  • Do not use diacritical marks (accents or cedilla) in the parameter Name
  • Select the organic unit to which you belong in "Certificate Request Group"
  • Enter parameter Role as Web Server

You must then fill in the form in http://ca.lip.pt/docs/cert-servidor.pdf. The current procedure applicable to the CA implies providing the AR at the U.Porto with documentary evidence of your identity (ID card, driving license, passport), to validate your request.

Certificate Backup

When you receive an e-mail from the Certification Authority with the link to download the certificate, you should do a backup of the document.

  • NOTE: This procedure should be done in the same equipment where the request was made.
  • To perform the backup of the certificate, first check the browser options in Preferences->Security->Certificates
  • The certificate with the data you entered in the request should then appear. Make sure the issuer matches the following information:
    CN = LIP Certification Authority
    O = LIPCA
    C = PT
  • You must then do the backup into a file type .p12
  • This certificate will be encrypted with a password defined by the user

Converting the User Certificate

  • Extract the key for file p12
    openssl pkcs12 -nocerts -in usercert.p12 -out $HOME/.globus/userkey.pem
  • Extract the certificate of file p12
    openssl pkcs12 -clcerts -nokeys -in usercert.p12 -out $HOME/.globus/usercert.pem

Converting the Host Certificate

  • Extract the key for file p12
    openssl pkcs12 -nocerts -nodes -in usercert.p12 -out /etc/grid-security/hostkey.pem
  • Extract the certificate of file p12
    openssl pkcs12 -clcerts -nokeys -in usercert.p12 -out /etc/grid-security/hostcert.pem

Converting the Service Certificate

  • Extract the key for file p12
    openssl pkcs12 -nocerts -nodes -in usercert.p12 -out /etc/grid-security/$SERVICE_NAME/$KEY_SERVICE_NAME.pem
  • Extract the certificate of file p12
    openssl pkcs12 -clcerts -nokeys -in usercert.p12 -out /etc/grid-security/$SERVICE_NAME/$CERT_SERVICE_NAME.pem

RA Contacts

Universidade Digital – Reitoria da U.PORTO

Postal address: Praça Gomes Teixeira, 4099-002 Porto PORTUGAL

E-mail: helpdesk@reit.up.pt
Telephone: +351 22 040 8088
FAX: +351 22 040 8183
Room: GT 437A

URL: http://www.reit.up.pt

 

Webpage created on: 2023-02-09 03:03:34 Last updated: 2011-10-31