Forgot your password?
New user?
Document Actions
Getting a User Certificate with the UNL CA
In order to facilitate local users being able to run through grid interfaces, we have set up a local CA. This document describes how to get your own user certificate through the UNL CA. This document is obsolete.
This document is obsolete. GPN users should apply for grid certificates from doegrids.org.
The local CA is https://ca.unl.edu/pub for UNL users, and https://ca.unl.edu/gpn for GPN users. The Certificate Authority is based off the freely-available OpenCA software. Follow these steps to request your certificate:
The local CA is https://ca.unl.edu/pub for UNL users, and https://ca.unl.edu/gpn for GPN users. The Certificate Authority is based off the freely-available OpenCA software. Follow these steps to request your certificate:
- Navigate to https://ca.unl.edu/pub (or https://ca.unl.edu/gpn), and click on the "User" tab. This will bring up a sub-menu, and you can click on "Request a Certificate".
- This will bring you to the base page which will ask you how you would like your certificate generated. Because the various browser key generation is spotty at best, I recommend the "Basic Request" option. This will generate the private key on the server side, and you will later download it. However, this has a much lower security level than having the browser generate the private key client side, and never having the private key travel over the Internet. Your choice.
- Now you should be at a page requesting your basic
information. At a minimum, you should fill in the following fields:
- Certificate data: Name, Email
- User data: Name, Email, Department (or research group), telephone, PIN.
- Certificate data: Name, Email
- The registration authority who approves your certificate will correct your data as needed. Do make sure, however, that your "Role" is set to "User", not "CA Operator". DO NOT FORGET YOUR PASSWORD. The password that you fill out will remain with your certificate for a year, and changing it is impossible (we must reissue the certificate in this case). Don't lose it!
- Wait for your certificate to be approved. As there is no full time employee manning the UNL CA at all times, it might not hurt to send out an email to UNL staff (perhaps Brian Bockelman) to approve the cert.
- If you have choosen basic certificate generation, the
registration authority (RA) will call you and give you a password to
recieve your certificate.
- Once your certificate has been approved, click on the "Certificates" tab, then the "Valid"
submenu. You should see your name listed; click on the
link.
You will want to download the certificate and keypair. If you want to import the certificate into your browser, you will need it in "PKCS#12" format. If you want the certificate to use in Globus and grid submission, you want it in "PKCS#8" format. Select the appropriate format and click "Download".
- You will be asked first for the passphrase for the
certificate. This is the passphrase you filled out in step
(3). If you choose basic certificate generation, then you will be
brought to a second page asking for the password to access the private
key. This is the one the RA should have contacted you with.
Click Ok, and download your certificate to disk.
