FusionGrid CAs
The FusionGrid accepts certificates signed by two CAs: DOEGrids CA and
FusionGrid CA. Both of these CAs are subordinate to the ESnet Root CA,
i.e. they are located and managed by
ESnet and the CA certificates are signed by the ESnet Root CA. There
are two CAs because of the different Certificate Policies (CPs) of the
two CAs. The DOEGrids CA certificates are trusted by Grids at all the
DOE research laboratories and many international high energy physics
laboratories. As a result the CP must be acceptable to all the relying
parties and is very hard to modify. It does not allow user private
keys to be stored by third parties, but only by the holder. The
FusionGrid CA specifically allows user long-term credentials to be
stored on secure servers, thus freeing the user from credential
management issues and allowing single sign-on using a user name and
password.
The FusionGrid CA only issues person certificates. All host and
service certificates in the FusionGrid still come from DOEGrids
CA. The FusionGrid CA was commissioned on Oct 20, 2004.
Servers
- FusionGrid Certificate Manager
  - Use to have certificates managed by a central server
- FusionGrid CA
  - Use if you want to manage your own certificates
- DOEGrids CA
  - Use for host certificates
Files
A resource provider or Globus client who wishes to use or accept
certificates issued by these CAs needs to install the following files
in its /etc/grid-security/certificates directory
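An added example, not part of the original page: a check a resource provider could run over the trust directory after installing CA files, since every certificate in it becomes a trust anchor. It assumes the Globus naming convention of `<hash>.<n>` for a CA certificate and `<hash>.signing_policy` for its policy file; the function name `audit_trust_dir` is hypothetical.

```python
import os
import re
import stat
import sys

# Assumption: Globus GSI naming, <hash>.<n> for a CA certificate and
# <hash>.signing_policy for the policy limiting which subjects it may sign.
ANCHOR = re.compile(r"^([0-9a-f]{8})\.\d+$")
POLICY = re.compile(r"^([0-9a-f]{8})\.signing_policy$")
PEM_HEADER = b"-----BEGIN CERTIFICATE-----"
LOOSE = stat.S_IWGRP | stat.S_IWOTH  # writable by group or by others


def audit_trust_dir(path="/etc/grid-security/certificates"):
    """Return sorted (name, problem) findings for a Globus trust directory."""
    findings = []
    anchors, policies = set(), set()
    if os.stat(path).st_mode & LOOSE:
        findings.append((".", "directory is group/world writable"))
    for name in os.listdir(path):
        full = os.path.join(path, name)
        if not os.path.isfile(full):  # skips subdirectories, broken symlinks
            continue
        if os.stat(full).st_mode & LOOSE:
            findings.append((name, "file is group/world writable"))
        anchor, policy = ANCHOR.match(name), POLICY.match(name)
        if anchor:
            anchors.add(anchor.group(1))
            with open(full, "rb") as fh:
                if PEM_HEADER not in fh.read():
                    findings.append((name, "no PEM certificate found"))
        elif policy:
            policies.add(policy.group(1))
    # A CA without a policy, or a policy without a CA, means a partial install.
    for h in anchors - policies:
        findings.append((h, "CA certificate without signing_policy"))
    for h in policies - anchors:
        findings.append((h, "signing_policy without CA certificate"))
    return sorted(findings)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "/etc/grid-security/certificates"
    if not os.path.isdir(target):
        sys.exit(f"{target}: not a directory")
    for name, problem in audit_trust_dir(target):
        print(f"{name}: {problem}")
```

An empty result means every CA certificate has its policy file and nothing in the directory can be modified by non-owners; it does not confirm that the certificates are the ones published by the CA.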
FusionGrid CA Management