Fermilab Computing Division

How to get a Personal DOEGrids Certificate
for Fermilab Staff and Users: Help Page

Explanations of Concepts used in the Instructions

  • Same user account on the same machine and same browser: This requirement exists because your private key is generated and stored in the security database of the browser you used to enroll; this private key is then needed to import your certificate when it is ready. You will not need a separate certificate for each system-browser pair, because later in these instructions you will be shown how to export your certificate and its private key for import on other systems or into other browsers. Do not interpret the same-browser requirement to mean that you need to keep your browser window open and start a new instance of the browser in another window; you can exit your browser without problems, since the generated private key will be recorded on the disk in a secure file. In fact, starting a new browser window may cause your private key to be lost due to the security database getting overwritten by the new instance!
  • The Affiliation (Virtual Organization, VO, or Registration Authority) is the registration authority that DOEGrids will contact to validate your identity.
  • Import instructions: You will need the CA certificate chain to establish a secure session with the DOEGrids Certificate Services page at https://pki1.doegrids.org/ (note the https in the URL). Without the CA chain loaded in your browser, on your first visit to this site you will be prompted to accept the site certificate to enable a secure session. Do so temporarily, for this session. After loading the CA certificate chain, on the next visit to this page you will not be prompted, and a secure session will automatically be enabled (note that the lock icon on your browser is now locked).
  • Certificates and Fingerprints: Optional, detailed information about these certificates and their fingerprints can be found at the MD5/SHA1 fingerprints for the DOEGrids CA Chain web page. This chain consists of the certificates for the DOEGrids Certificate Authority and the ESnet root Certificate Authority (to which the DOEGrids CA is a subordinate CA).
  • The verification instructions on http://www.doegrids.org/pages/How-To-Import.html are useful only if you have the CA certificates in a file.
    Netscape/Mozilla/Firefox:
    Edit menu -> Preferences -> Privacy & Security -> Certificates -> Certificate Manager
    In the Certificate Manager, select the Authorities tab, scroll down to the
    ESnet entry and double click on one of the listed certificates. In the
    Certificate Viewer window that opens, the information on the certificate
    (including the MD5 and SHA1 fingerprints, i.e. hash codes) is listed and
    can be compared to the DOEGrids page referenced to verify that the correct
    CA certificates have been loaded into your browser.
    Internet Explorer:
    Internet Options (control panel) -> Content tab -> Certificates
    Select Intermediate Certificate Authorities for the DOEGrids CA certificate
    or select Trusted Root Certificate Authorities for the ESnet Root CA.
    Double click on the certificate you want, to open a view window for the
    certificate, and select the Details tab. Scroll down to the Thumbprint
    algorithm and Thumbprint fields to compare with the DOEGrids page.

  • Upon Submit: This generates your private key and stores it in the security database (password and certificate store) associated with your browser, user account and system.
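
For the case where the CA certificates are in a file, the fingerprint comparison described above can be scripted. The following is an added example, not part of the original Fermilab or DOEGrids instructions; the function names and the sample PEM block are constructed for illustration (the sample is not a real certificate).

```python
import base64
import hashlib
import re

# Constructed sample: NOT a real certificate. The base64 body decodes to the
# bytes b"abc" so the digests are easy to check by hand. In practice, read the
# text of the CA chain file you downloaded instead.
SAMPLE_PEM = """\
-----BEGIN CERTIFICATE-----
YWJj
-----END CERTIFICATE-----
"""

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL)


def pem_to_der_list(pem_text):
    """Return the DER bytes of every certificate block in a PEM file."""
    return [base64.b64decode("".join(body.split()))
            for body in PEM_BLOCK.findall(pem_text)]


def fingerprint(der, algorithm="sha1"):
    """Hash the DER encoding and format it as colon-separated upper-case hex,
    the layout browser certificate viewers use for fingerprints."""
    digest = hashlib.new(algorithm, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(hex_text):
    """Drop separators and case so '90:01', '90 01' and '9001' compare equal.
    Pass only the hex value, not a label such as 'SHA1 Fingerprint='."""
    return re.sub(r"[^0-9a-f]", "", hex_text.lower())


def matches_published(der, published, algorithm="sha1"):
    """True only if the computed fingerprint equals the published value."""
    want = normalize(published)
    return bool(want) and normalize(fingerprint(der, algorithm)) == want


if __name__ == "__main__":
    for der in pem_to_der_list(SAMPLE_PEM):
        print("MD5 ", fingerprint(der, "md5"))
        print("SHA1", fingerprint(der, "sha1"))
```

Take the published value from the DOEGrids fingerprint page over a separate trusted path, and treat any mismatch as a reason not to load the chain.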

For assistance contact helpdesk@fnal.gov.
Information compiled and maintained by Computer Security Team; last modified by FJN on January 14, 2008.
(Address comments about page to the Computer Security Team.)