This page is pertinent only to the worthless EDG tutorial CA operated by the DutchGrid and NIKHEF Certification Authorities. This CA was established explicitly for automatic authentication by tutors at the EDG tutorial sessions, where more stringent authentication method would induce unacceptable delays.

The policy of the EDG tutorial CA is non-existant: defined ad-hoc for every tutorial. Do not use this certification authority for production use!
If you want true certification in the context of the EU DataGrid project, for use in any VO other than EDGtutorial, you must apply for a medium-security certificate.

Application

If you want to apply for a Demo certificate, please follow the follow this direct link to make a certificate request. For completeness sake, you might have a look at the User Help pages, and in the final stage request "EDGtutorial" certification. Please do not request any other kind of certificate!
Then, come back here and follow these simple steps:

• run the script that you got in the last step from the build-a-req process
• Upload your certificate request and provide the ad-hoc authentication tokens (your instructors know and told you). This process MUST complete successfully before you can continue!
• Ask your tutor to authentice your request
• Lookup your name in the list of active certs
• Save the file from your browser. The file should be written to:
  $HOME/.globus/usercert.pem
• See if your grid-proxy-init is successful
• Convert your cert to a format for your web browser:
  Go to your $HOME/.globus/ directory and "export" your key pair in this format using OpenSSL:

  openssl pkcs12 -export -in usercert.pem -inkey userkey.pem \
                  -out $HOME/my-pkcs12-packed-keypair.p12
      

  You will have to provide the passphrase to decrypt your private key, and subsequently you also have to provide an "export" passphrase twice. This "export" passphrase can be different from your regular one!
  Open the security window of your web browser (Netscape or IE) and select "import personal certificates". Select your ".p12" file and provide the export passphrase again. You can transport the PKCS#12 file between platforms (so you can generate your certificate and PKCS#12 package on a Linux system, copy the file to your Windows machine and import it in Internet Explorer).
• connect to the EDG Guidelines server, if explained in the tutorial handouts

Worthless DutchDemo CA Information Summary

CA name/hash	EDGtutorial CA	225860ae
CA end-user request information	use the build-a-req web interface only!
CA issued certificates	in HTML list format
CA certificate	PEM format	RPM for EDG testbed: direct or secure site
CA certificateRevocationList	PEM format
CA Policy	NO policies
Cert Requests	Build-a-Cert web interface

EDG tutorial CA Policy (CP/CPS)

The policy is only defined ad-hoc during the tutorials.

Tutors and Registration Authorities

• List pending requests and approve
• List all certificates, revoke and expire