LIGO Data Grid

Navigation

CompComm
LSC
LIGO

DataGrid Details

What is LSC DataGrid?
Cluster Usage
Monitoring
Available Data
Service Details
OSG

User Manual

How to get started
Install Data Grid Client
Getting Certificates
Renewing Certificates
Certificates in your Browser
Account Request
Intro to Data Grid Tools
Matlab Cluster Tips
FAQ

Admin Manual

Install DataGrid Server
Get server certificates
Configure/deploy Condor
Configure/deploy CondorView
Graceful Condor shutdown
CondorC on LDG
LAMS / VOMS Admin
Syracuse X4500 Pages
Edit these web pages

Bug Tracking

LDG trouble ticket system

Policy

Reference O/S Schedule

LDG Collaborations

Condor-LIGO biweekly telecon
Globus-LIGO monthly telecon
Archival GriPhyN-LIGO WG pages

Exits

LSC
LIGO
OSG

Globusligo

General Information

Using Other Certificate Authorities

Note: LSC scientists and administrators at U.S. institutions should follow the instructions at Getting a Digital Certificate and Getting Server Certificates. These notes are intended for our GEO friends and others not at U.S. institutions.

Overview

Users are required to have a digital certificate in order to authenticate to grid services on the LSC DataGrid, and machines running grid services must have host or service certificates.

You obtain a digital certificate by submiting a request to a certificate authority (CA). Given you meet all of the requirements, the CA will digitally sign your request and return to you a signed digital certificate. Each of the countries in the European DataGrid runs a CA and you should submit your request to the appropriate CA following the instructions available from the links on this page.

Associated with each digital certificate is a private key. The private key is never known to the CA or any central administrator. Usually the private key is generated at the same time as the certificate request.

Generating a Certificate Request and Private Key

The procedure for generating a certificate request and private key varies. You should check with your CA for instructions. Still, there are two common ways:

  1. grid-cert-request: The Globus Toolkit (and hence the Virtual Data Toolkit and the LSC DataGrid Client/Server) includes the script grid-cert-request which can be used for generating personal, host, or service certificates.

    When the script is run the private key and certificate request are generated and stored in two files as plain text. The request is usually sent by email to the CA for signing, but sometimes it is copied and pasted into a web form. The private key is never sent.

  2. web browser: Most web browsers have the functionality to generate certificate request and private key pairs. Usually the signed certificate and private keys are kept in a database that the web browser maintains. Javascript from a CA web site often causes the

When the request has been signed the certificate, which is a public document, is often sent back via email, but sometimes it is made available for download from a web page.

In order to use the signed certificate with the Globus Toolkit you must save it into the proper file. For user certificates this is usually ~/.globus/usercert.pem.

Supported by the National Science Foundation. Any opinions, findings and conclusions or recomendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation (NSF)
$Id: otherca.html,v 1.2 2006/10/26 08:10:22 patrick Exp $