Difference between revisions of "Requesting a grid certificate using the Digicert SSO Portal"

From SNIC Documentation
(Caveat)
Line 5: Line 5:
 
[[Grid_certificates|< Grid certificates]]
 
[[Grid_certificates|< Grid certificates]]
  
= Caveat =
+
= Browser Support =
  
 
Browser support for the <keygen> feature used to request and receive certificates directly in the browser is fading away. Google Chrome removed it in 2017 and Firefox removed it in 2019 (from version 69). Microsoft Edge has not supported it. Safari still supports it as of today, and Internet Explorer has another mechanism available that provides the same feature.
 
Browser support for the <keygen> feature used to request and receive certificates directly in the browser is fading away. Google Chrome removed it in 2017 and Firefox removed it in 2019 (from version 69). Microsoft Edge has not supported it. Safari still supports it as of today, and Internet Explorer has another mechanism available that provides the same feature.
  
Thus, to request a certificate inside the browser, you need to be using one of these:
+
Thus, to request a certificate directly in the browser, you need to be using one of these:
  
 
* Safari
 
* Safari
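Review bot: The heading rename from "= Caveat =" to "= Browser Support =" at the top of this hunk changes the section name that other text points at, so every "see Caveat above" style reference and any link to the old section name needs the same update. The unchanged paragraph beneath it says Safari supports <keygen> "as of today"; since the section is being touched anyway, consider replacing that with a date so readers can tell how current the browser list is.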
Line 27: Line 27:
 
= Requesting a personal grid certificate directly in the browser =
 
= Requesting a personal grid certificate directly in the browser =
  
# Start a suitable web browser (see Caveat above for details):
+
# Start a suitable web browser (see Browser Support above for details):
 
## Windows:
 
## Windows:
 
### Internet Explorer
 
### Internet Explorer

Revision as of 12:03, 26 September 2019


Browser Support

Browser support for the <keygen> feature used to request and receive certificates directly in the browser is fading away. Google Chrome removed it in 2017 and Firefox removed it in 2019 (from version 69). Microsoft Edge has not supported it. Safari still supports it as of today, and Internet Explorer has another mechanism available that provides the same feature.

Thus, to request a certificate directly in the browser, you need to be using one of these:

  • Safari
  • Internet Explorer
  • Firefox ESR (as long as it is based on a Firefox version before 69)

For other browsers you need to generate the key and CSR outside of the browser, paste in the CSR, download the certificate and import it into the browser (if that is where the cert is going to be used). We hope to be able to update the instructions for that soon.

For some background, see https://knowledge.digicert.com/generalinformation/keygenfirefox.html
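
The out-of-browser route described above (generate the key and CSR, paste the CSR into the portal, then import the issued certificate into the browser), sketched with the OpenSSL command line. This is an added example, not SNIC's or DigiCert's instructions; the RSA 2048 key type, the file names and the subject are assumptions, and the portal may require or override them.

```shell
#!/bin/sh
# Added example, not SNIC or DigiCert instructions. Assumptions: RSA 2048,
# the file names, and the subject passed by the caller.
# PASS_SRC is an OpenSSL pass phrase source such as env:KEY_PASS.

# make_csr DIR CN [PASS_SRC]: write DIR/userkey.pem (encrypted private key)
# and DIR/usercert_request.pem (the CSR to paste into the portal).
# Without PASS_SRC, openssl asks for the pass phrase on the terminal.
make_csr() {
    dir=$1; cn=$2; pass_src=${3:-}
    (
        umask 077    # everything created here is readable by the owner only
        mkdir -p "$dir" || exit 1
        set -- -new -newkey rsa:2048 -sha256 -subj "/CN=$cn" \
            -keyout "$dir/userkey.pem" -out "$dir/usercert_request.pem"
        if [ -n "$pass_src" ]; then set -- "$@" -passout "$pass_src"; fi
        openssl req "$@"
    )
}

# csr_ok CSR: true if the CSR's self-signature verifies.
csr_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# csr_matches_key CSR KEY PASS_SRC: true if both carry the same public key.
csr_matches_key() {
    csr_pub=$(openssl req -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout -passin "$3") || return 1
    [ "$csr_pub" = "$key_pub" ]
}

# make_p12 DIR CERT PASS_SRC: bundle the downloaded certificate CERT with the
# key into DIR/usercert.p12, a PKCS#12 file that browsers can import.
make_p12() {
    (
        umask 077
        openssl pkcs12 -export -inkey "$1/userkey.pem" -in "$2" \
            -out "$1/usercert.p12" -passin "$3" -passout "$3"
    )
}

# Typical interactive use (the directory is a placeholder):
#   make_csr "$HOME/gridcert" "Your Name" && csr_ok "$HOME/gridcert/usercert_request.pem"
```

The private key never leaves the machine in this flow; only the CSR is pasted into the portal.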

Set a master password

When using Firefox, or any browser on Linux/Unix, it is highly recommended to use a Master Password to protect stored logins and passwords.

Instructions for Firefox: https://support.mozilla.org/en-US/kb/use-master-password-protect-stored-logins

Requesting a personal grid certificate directly in the browser

  1. Start a suitable web browser (see Browser Support above for details):
    1. Windows:
      1. Internet Explorer
      2. Firefox up to version 68 (does not use OS certificate store, obtained certificate is only available to Firefox)
    2. macOS:
      1. Safari
      2. Firefox up to version 68 (does not use OS Keychain, obtained certificate is only available to Firefox)
    3. Linux/Unix:
      1. Firefox up to version 68 (obtained certificate is only available to Firefox)
  2. Go to https://digicert.com/sso
  3. Type the first characters of your university (or similar) and then select the Identity Provider to use for login.
  4. Log in at your home university.
  5. Select the Grid Premium product.
  6. Normally, leave the CSR field blank to get a key generated in your browser.
  7. Press "Request Certificate".
  8. Your certificate is generated and should be automatically imported into your browser.

Exporting the Digicert certificate

If you need to use the certificate with other programs, it needs to be exported to a file and imported where appropriate.

See Exporting a client certificate for detailed instructions on how to export a Digicert certificate from the most popular browsers.

Adding certificate to OS certificate store

Some operating systems have a built-in keychain/keystore. If Firefox was used, the certificate needs to be imported into the keychain/keystore in order to be available to other programs.

Windows: FIXME: Investigate and update instructions accordingly.

Using the certificate with grid tools

To use the Digicert certificates with the ARC grid client, they have to be exported from the browser into a file and then converted into a suitable format.

See Preparing a client certificate for detailed instructions on how to prepare an exported certificate for use with grid tools.