4.1 Certificate Application

4.1.1 Certificate Application Workflow

The workflow for grid certificate application is shown in the following figure:

Fig. 4.1.1-1 Grid certificate application workflow

There are two steps for certificate application:

Step one:Download the application form from the website, fill and submit to RA Operator. After the approval of RA Operator, user can go to step two.

Step two: From the "online request" in webpage https://cagrid.ihep.ac.cn user can submit various kinds of certificate request to CA Operator.

4.1.2 User Certificate Apply

The website for user certificate apply is https://cagrid.ihep.ac.cn/

An example for user certifiate apply (use IE web browser as an example)

Fig. 4.1.2-1 User certificate apply

Click “Request a Certificate” button at the bottom of the webpage。

Fig. 4.1.2-2 Get the application form

Click the red box shown in above figure, get the certificate application form. Fill it and send it to RA Operator by email. If the user is authenticated to apply a certificate, he will receive a confirm email.

After receive the email, user can submit the online request for certificate on IHEP Grid CA website. Click "Online for User Request" in https://cagrid.ihep.ac.cn, following the hints in webpages to fill the organization, unit, last name, and first name, etc.

After filling the personal information, the webpage looks like:

Fig. 4.1.2-3 Filling the personal information

Then click "Next" to generate the key for certificate apply, and following the hints in the webpages, click next/confirm to until you see the following webpage:

Fig. 4.1.2-4 Generate request information

Choose "Generate Request",and confirm,see the figure below.

Fig. 4.1.2-5 Confirm information

Then user will receive an email from ihepca@ihep.ac.cn looks like:

Fig. 4.1.2-6 The confirm email

User need to click the URL links in the email to confirm the application, as shown below.

Fig. 4.1.2-7 Confirm successfully

Then you can see the "Success" button in webbrowser, it means that the system has received the user's application. You will ge reply from the CA Operator in 5 workdays.

4.1.3 Apply for Host Certificate

To apply for a host certificate, you have to own a user certificate issued by IHEP CA.

The workflow is shown bellow:

Visit https://cagrid.ihep.ac.cn in a web browser with your user certificate imported.

Fig. 4.1.3-1 Main interface for host certificate apply

Click "Request Certificate"

Fig. 4.1.3-2 Web interface for host certificate apply - 2

Click "Online for Host Request", then choose your user certificate if required,

Fig. 4.1.3-3 Choose your certificate

then start apply,

Fig. 4.1.3-4 Fill the DN of host certificate

Fill the domain name (DN) of the host certificate, and applicant's email address, then click "next" and continue,

Fig. 4.1.3-5 Fill in the information of host certificate

Following the hints of the webpage, fill in the organization and unit,

Fig. 4.1.3-6 Fill in the information of host

then click Continue:

Fig. 4.1.3-7 Confirm the agreement

Click Continue,you will see the following webpage

Fig. 4.1.3-8 Confirm the information of host certificate

choose “Generate Request”:

Fig. 4.1.3-9 Confirm the information of host certificate

Finally, you will receive an email:

Fig. 4.1.3-10 Confirm email

Visit the URL in the email by a web browser, and confirm

Fig. 4.1.3-11 Confirm successfully

If you see "success" in the webpage, it means that the application is successfully submitted. The system has received you host certificate application. The CA Operator will issue your host certificate in 5 workdays.

4.1.4 Get the certificate

If the certificate is issued, the applicant will receive an email as below

Fig. 4.1.4-1 Email notification when certificate is issued

There are two ways to get the certificate:

Way 1: There is a serical number in the email, e.g. 1192652867203875766364965. You should use the browser which you used to apply the certificate, then visit https://cagrid.ihep.ac.cn,

Fig. 4.1.4-2 Main interface for certificate download

click “install my certificate”

Fig. 4.1.4-3 Install the downloaded certificate

Fill in the Serial Number, the certificate will be downloaded and installed to web browser.

Way 2: In the email, there is a URL for automatically get the certificate, e.g.

You can either follow the proposed link to import the certificate directly from the server (no action required from you): https://cagrid.ihep.ac.cn:443/cgi-bin/pki/pub/pki?cmd=getcert&key=1192652867203875766364965&type=CERTIFICATE

Use the web browser which is used for applying the certificate, click or input the above URL, you can get certificate.

4.1.5 Notice

  1. The applicant will receive two emails from ihepca@ihep.ac.cn , their subject are "OpenCA Certificate information" & "OpenCA Certificate and PIN information". Here "OpenCA Certificate information" presents the detail guide to get the certificate, while "OpenCA Certificate and PIN information " is an encrypted email to garantee that this email is not readed by third-party before the applicant read it.

  2. If user didn't receive the reply email from ihepca@ihep.ac.cn in a reasonable time, please check the filter function of your mail system to see if the email is put into trush. If you still haven't received the email, please contact CA Operator.

  3. When get the certificate, please use the web browser which you used for applying the certificate, and please don't update the web browser during this period. Else you may not get the certificate since private key lost.

  4. Mac OS X and Safari are not supported currently. There may be some problems with IE or Chrome. Therefore, Firefox is most recommanded web browser for certificate application.

4.1.6 Export the certificate from web browser

Take IE as an example

  1. Open the browser --> Tools --> Internet Options
  2. Content --> Advanced --> Certificate Management --> Choose Certificate --> Export

4.1.7 Information of the administrators

RA Operator (Registration Authority)SUN Gongxing:sungx@ihep.ac.cn +86 010 88236004 CA Operator(Certification Authority) YAN Tian: yant@ihep.ac.cn +86 010 88236837

results matching ""

    No results matching ""