To be able to access Grid resources, you need to be both authenticated and authorized. To become authorized, you need to contact the resource owners. Authenication is done using certificates, a form of digital "passport". This document explains, how to get your certificate.
You should be affiliated with some academic institution or working on a Grid related project to be eligible to obtain a certificate. There is no cost for obtaining a certificate. BalticGrid certificates are obtained through the local Registration Authorities (RA) in each country, which then forward the requests to Baltic Grid CA.
In Latvia RAs are IMCS UL and RTU.
To obtain a certificate, please follow the certification procedure given below.
Certification procedure
The following procedure is required to submit a certification request:
- The person creates a private key and Certification request using OpenSSL software with BalticGrid CA files (see Creating a certification request below);
- The person sends the Certification request to <balticgrid-ra@grid.lumii.lv> also prints it out and writes his Name, Surname, telephone number, e-mail address and signature on the printout for later comparison;
- The person arranges a visit to Institute of Mathematics and Computer Science (Matemātikas un informātikas institūts, Raiņa 29, Rīga) and meets face to face with someone from the Registration Authority;
- The person shows the following documents to the RA representative: some form of identification (passport or drivers license); proof of affiliation with some academic institution, the printed certificate (from step 2). The printout must be in plain text format, to change the format the user runs 'openssl req -noout -text -in user-certrequest.out' in command line and prints out the result;
- The RA compares that the certificate matches the electronically received request and verifies the identity of the person;
- The RA and certificate requester fills the face to face meeting documentation available here - http://www.grid.lumii.lv/uploads/F2F.doc;
- The RA copies the presented documents (that prove the certificate requesters affiliation with some academic institution) for archival purposes, signs and forwards the certification request to the CA;
- In approximately three working days the signed certificate is returned to the person.
Creating a certification request
1. If you are using Linux, you need OpenSSL software (OpenSSL is easy to get from www.openssl.org)
If you are using Windows, you can get OpenSSL for Windows from here:
http://gnuwin32.sourceforge.net/packages/openssl.htm
2. Download and place in your home directory OpenSSL user configuration (to make request generating a bit easier). Configuration file is available here.
3. Observe the conversion of Non-ASCII characters given at the BalticGrid CA website
4. Run "openssl req -new -config BalticGridCA-user.cnf -out user-certrequest.out -sha1" from your homedir (that's the place where you put configuration file(see step 2)) and do the following:
a) choose a strong password;
b) do not change both "Domain Component" variables - just press <ENTER>;
c) enter your institution domain (for example lumii.lv, rtu.lv, cfi.lu.lv, e.t.c.) www.<domain>.lv should correspond to the institutions home page;
d) enter your name;
e) two files are generated in your ~/ (home) directory: private_user_key.pem (private key - KEEP IT SECRET and DON'T LOSE IT!) and user-certrequest.out.
6. Send the user-certrequest.out file to the RA.
Contacts
Use email address <balticgrid-ra@grid.lumii.lv> to submit your certificate requests.
The following persons are the representatives of the BalticGrid CA in Latvia (Registration Authority):
Edgars Znots E-mail: <edgars.znots_at_lumii.lv>
PGP key ID: 95139E69
PGP key fingerprint: B560 CAC6 59C1 4588 9D1A F600 59E8 27E1 9513 9E69
Dana Ludviga E-mail: <dana.ludviga_at_lumii.lv>
PGP key ID: A1EADC43
PGP key fingerprint: 9AF3 098D B524 DBE0 C8D4 6C75 4958 6E5A A1EA DC43
Solvita Rovīte E-mail: <solvita.rovite_at_lumii.lv>
PGP key ID: 2B47FF50
PGP key fingerprint: C20D 4727 40B5 BF26 0D0C D2F4 856D 2AEC 2B47 FF50
