Requesting a grid certificate using the Digicert SSO Portal

From SNIC Documentation

(Difference between revisions)
Jump to: navigation, search
(Add note on master password)
 
(17 intermediate revisions not shown)
Line 5: Line 5:
[[Grid_certificates|< Grid certificates]]
[[Grid_certificates|< Grid certificates]]
-
'''Due to brain damage at Google, you can no longer use Google Chromium for getting a Digicert certificate. Firefox stil works. And possible Safari and Internet Explorer. We have reports that Microsoft Edge doesn't work.'''
+
= Caveat =
-
To request a Digicert grid certificate
+
Due to brain damage at Google, '''you can no longer use Google Chrome/Chromium''' for getting a Digicert certificate. '''Firefox, Safari and Internet Explorer still works'''. We have reports that '''Microsoft Edge does not work'''.
-
1. Go to  https://digicert.com/sso
+
= Set a master password =
-
2. Type the first characters of your university (or similar) and then select the Identity Provider to use for login.
+
When using Firefox, or any browser on Linux/Unix, it is highly recommended to use a Master Password to protect stored logins and passwords.
-
3. Login at your home university.
+
Instructions for Firefox: https://support.mozilla.org/en-US/kb/use-master-password-protect-stored-logins
-
4. Select the ''Grid Premium'' product.
+
= Requesting a eScience (grid) certificate =
-
5. Normally, leave the CSR field blank to get a key generated in your browser.
+
# Start a suitable web browser (see Caveat above for details):
 +
## Windows:
 +
### Internet Explorer
 +
### Firefox (does not use OS certificate store, obtained certificate is only available to Firefox)
 +
## macOS:
 +
### Safari
 +
### Firefox (does not use OS Keychain, obtained certificate is only available to Firefox)
 +
## Linux/Unix:
 +
### Firefox (obtained certificate is only available  to Firefox)
 +
#Go to  https://digicert.com/sso
 +
#Type the first characters of your university (or similar) and then select the Identity Provider to use for login.
 +
#:[[File:Digicert-idp.png]]
 +
#Login at your home university.
 +
#Select the ''Grid Premium'' product.
 +
#:[[File:Digicert-product-select.png]]
 +
#Normally, leave the CSR field blank to get a key generated in your browser.
 +
#Press "Request Certificate".
 +
#Your certificate is generated and should be automatically imported into your browser.
-
6. Press "Request Certificate".
+
= Exporting the Digicert certificate =
-
7. Your certificate is generated and should be automatically imported into your browser.
+
If you need to use the certificate with other programs it needs to be exported to a file and imported where appropriate.
-
=== Exporting the Digicert certificate for use with Swestore and other grid tools ===
+
See [[Exporting a client certificate]] for detailed instructions on how to export a Digicert certificate from the most popular browsers.
-
To use the Digicert certificates with the ARC grid client they have to be exported from the browser and converted into a suitable format.
+
= Adding certificate to OS certificate store =
-
See [[Exporting a client certificate]] for detailed instructions on how to export a Digicert certificate from the most popular browsers.
+
Some operating systems have a built in keychain/keystore. If Firefox was used the certificate needs to be imported to keychain/keystore in order to be available for other programs.
 +
 
 +
* [[Add client certificate to keychain on macOS]]
 +
 
 +
Windows: '''FIXME: Investigate and update instructions accordingly'''.
 +
 
 +
= Using the certificate with grid tools =
 +
 
 +
To use the Digicert certificates with the ARC grid client they have to be exported from the browser into a file and then converted into a suitable format.
-
See [[Preparing a client certificate]] for detailed instructions on how to prepare the exported certificate for use with grid tools.
+
See [[Preparing a client certificate]] for detailed instructions on how to prepare an exported certificate for use with grid tools.

Latest revision as of 12:28, 2 June 2017

< Grid certificates

Contents

Caveat

Due to brain damage at Google, you can no longer use Google Chrome/Chromium for getting a Digicert certificate. Firefox, Safari and Internet Explorer still works. We have reports that Microsoft Edge does not work.

Set a master password

When using Firefox, or any browser on Linux/Unix, it is highly recommended to use a Master Password to protect stored logins and passwords.

Instructions for Firefox: https://support.mozilla.org/en-US/kb/use-master-password-protect-stored-logins

Requesting a eScience (grid) certificate

  1. Start a suitable web browser (see Caveat above for details):
    1. Windows:
      1. Internet Explorer
      2. Firefox (does not use OS certificate store, obtained certificate is only available to Firefox)
    2. macOS:
      1. Safari
      2. Firefox (does not use OS Keychain, obtained certificate is only available to Firefox)
    3. Linux/Unix:
      1. Firefox (obtained certificate is only available to Firefox)
  2. Go to https://digicert.com/sso
  3. Type the first characters of your university (or similar) and then select the Identity Provider to use for login.
    Digicert-idp.png
  4. Login at your home university.
  5. Select the Grid Premium product.
    Digicert-product-select.png
  6. Normally, leave the CSR field blank to get a key generated in your browser.
  7. Press "Request Certificate".
  8. Your certificate is generated and should be automatically imported into your browser.

Exporting the Digicert certificate

If you need to use the certificate with other programs it needs to be exported to a file and imported where appropriate.

See Exporting a client certificate for detailed instructions on how to export a Digicert certificate from the most popular browsers.

Adding certificate to OS certificate store

Some operating systems have a built in keychain/keystore. If Firefox was used the certificate needs to be imported to keychain/keystore in order to be available for other programs.

Windows: FIXME: Investigate and update instructions accordingly.

Using the certificate with grid tools

To use the Digicert certificates with the ARC grid client they have to be exported from the browser into a file and then converted into a suitable format.

See Preparing a client certificate for detailed instructions on how to prepare an exported certificate for use with grid tools.

Personal tools
Namespaces
Variants
Actions
People
For Staff
Toolbox