HomeYourSite map Lv
Home > Certification  
Certification

To be able to access Grid resources, you need to be both authenticated and authorized. To become authorized, you need to contact the resource owners. Authenication is done using certificates, a form of digital "passport". This document explains, how to get your certificate.

You should be affiliated with some academic institution or working on a Grid related project to be eligible to obtain a certificate. There is no cost for obtaining a certificate. BalticGrid certificates are obtained through the local Registration Authorities (RA) in each country, which then forward the requests to Baltic Grid CA.

In Latvia RAs are IMCS UL and RTU.

To obtain a certificate, please follow the certification procedure given below.

Certification procedure

The following procedure is required to submit a certification request:

  1. The person creates a private key and Certification request using OpenSSL software with BalticGrid CA files (see Creating a certification request below);
  2. The person sends the Certification request to <balticgrid-ra@grid.lumii.lv> also prints it out and writes his Name, Surname, telephone number, e-mail address and signature on the printout for later comparison;
  3. The person arranges a visit to Institute of Mathematics and Computer Science (Matemātikas un informātikas institūts, Raiņa 29, Rīga) and meets face to face with someone from the Registration Authority;
  4. The person shows the following documents to the RA representative: some form of identification (passport or drivers license); proof of affiliation with some academic institution, the printed certificate (from step 2). The printout must be in plain text format, to change the format the user runs 'openssl req -noout -text -in user-certrequest.out' in command line and prints out the result;
  5. The RA compares that the certificate matches the electronically received request and verifies the identity of the person;
  6. The RA and certificate requester fills the face to face meeting documentation available here - http://www.grid.lumii.lv/uploads/F2F.doc;
  7. The RA copies the presented documents (that prove the certificate requesters affiliation with some academic institution) for archival purposes, signs and forwards the certification request to the CA;
  8. In approximately three working days the signed certificate is returned to the person.

Creating a certification request

1. If you are using Linux, you need OpenSSL software (OpenSSL is easy to get from www.openssl.org)

If you are using Windows, you can get OpenSSL for Windows from here:
http://gnuwin32.sourceforge.net/packages/openssl.htm

2. Download and place in your home directory OpenSSL user configuration (to make request generating a bit easier). Configuration file is available here.

3. Observe the conversion of Non-ASCII characters given at the BalticGrid CA website

4. Run "openssl req -new -config BalticGridCA-user.cnf -out user-certrequest.out -sha1" from your homedir (that's the place where you put configuration file(see step 2)) and do the following:

a) choose a strong password;
b) do not change both "Domain Component" variables - just press <ENTER>;
c) enter your institution domain (for example lumii.lv, rtu.lv, cfi.lu.lv, e.t.c.) www.<domain>.lv should correspond to the institutions home page;
d) enter your name;
e) two files are generated in your ~/ (home) directory: private_user_key.pem (private key - KEEP IT SECRET and DON'T LOSE IT!) and user-certrequest.out.

6. Send the user-certrequest.out file to the RA.

Contacts

Use email address <balticgrid-ra@grid.lumii.lv> to submit your certificate requests.

The following persons are the representatives of the BalticGrid CA in Latvia (Registration Authority):

Leo Truksans E­mail: leo.truksans@lumii.lv
PGP key ID: 0x95F25993
PGP key fingerprint: 3455 F4C9 621B F53A 1D6B 4491 72C5 9A0F 95F2 5993

Kaspars Krampis E­mail: kaspars.krampis@lumii.lv
PGP key ID: CDF3949E
PGP key fingerprint:  4C64 2D2B E157 2C80 2641 038A 7A5F 0F61 CDF3 949E