CERTS & VOMS/VOMRS
Submitted by stargrid on Thu, 2005-09-08 10:31.
Under: VOMS and VOMRS
CERTS
If you do NOT have a grid certificate yet or need to renew your certificate, you need to either request a certificate or request a renewal. Here are a few links to help with this process:
- Full instructions are available on the PPDG Certificate Request page or are also available from the DOEGrids CERT request page. As a quick summary, the DOE Grid certificate manager system is your first point of contact to get or renew a certificate. If you have never been granted a certificate, you can request one by going to that site and filling in the form provided on that page. What you need to know, however:
  - Your Registration Authority is PPDG.
  - Your RA Agent / Sponsor in the DOEGrids PKI is "Jerome Lauret" (please see the listing here if you are not from STAR).
  - It does not hurt to specify (again) in the comment box that you belong to STAR.
- After a certificate is granted to you, visit this link on how to export your key pair for use by Globus grid-proxy-init.
- If you ONLY need to renew a certificate, go to the same DOE Grid certificate manager BUT select the "Replacement Certificate" link on the left side of the menu. This interface is desperately simple :-) ... click on "submit" after reading the text and an email will be sent to you with a link to follow (from the SAME browser the request was issued from) to retrieve your certificate. The usual browser import will happen. The big advantage is that the CN will be preserved (so no need for a gridmap change).
VOMS and VOMRS
Having a CERT is the first step. You now need to be part of a Virtual Organization (VO).
STAR used VOMRS during PPDG time and switched to VOMS at OSG time to maintain its VO users' certificates. Only VOMS is currently maintained. A VO is used as a centralized repository of user-based information so that all sites on the grid can be updated when identities are added (or removed). The VOMS service and Web interface are maintained by the RACF. Note that, as with a request for a CERT, being added to the STAR VO requires approval from the STAR-RA.
Important notes
- By requesting a certificate you indicate that you accept the Certificate Policy and Certificate Practice Statement and that you agree to the Subscriber Obligations specified in that document.
- While not necessary and not regulated, STAR uses the following CN naming convention:
  - Additional user certificates mapped to generic accounts: the CN would indicate the CERT owner's name. The generic account would appear in parentheses. An example: /CN=Lidia Didenko (starreco)
  - Service certificates: The CN field shows the requestor of the certificate.
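The CN convention for generic accounts can be checked against a site's grid-mapfile. The following is an added example, not part of the original page or of STAR's tooling; it assumes the usual Globus grid-mapfile layout (a quoted subject DN followed by a comma-separated account list), and the sample DNs and the helper names `parse_cn` and `audit_gridmap` are constructed for illustration.

```python
import re
import shlex

# Convention from the text: "/CN=Owner Name (genericaccount)".
CN_RE = re.compile(r"^(?P<owner>.*?)\s*(?:\((?P<account>[^()]+)\))?$")

def parse_cn(subject_dn):
    """Return (owner, generic_account_or_None) from a slash-separated DN."""
    # Assumption: the CN is the last RDN; rfind keeps a "/" inside the CN intact.
    idx = subject_dn.rfind("/CN=")
    if idx < 0:
        raise ValueError("no CN in DN: %r" % subject_dn)
    m = CN_RE.match(subject_dn[idx + 4:].strip())
    return m.group("owner"), m.group("account")

def audit_gridmap(text):
    """Return (line_number, entry, problem) for entries that need review."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        try:
            fields = shlex.split(line, comments=True)
        except ValueError:              # e.g. unbalanced quote around the DN
            fields = [None]
        if not fields:                  # blank line or comment
            continue
        if len(fields) != 2:
            findings.append((n, line.strip(), "malformed entry"))
            continue
        dn, accounts = fields[0], fields[1].split(",")
        try:
            _owner, generic = parse_cn(dn)
        except ValueError:
            findings.append((n, dn, "no CN in subject"))
            continue
        # A CN that names a generic account should map to that account.
        if generic and generic not in accounts:
            findings.append((n, dn, "CN names %r but maps to %s"
                             % (generic, ",".join(accounts))))
    return findings

# Constructed sample entries, not real mappings.
SAMPLE = '''\
# grid-mapfile (constructed)
"/DC=org/DC=example/OU=People/CN=Lidia Didenko (starreco)" starreco
"/DC=org/DC=example/OU=People/CN=Alice Example (starreco)" alice
"/DC=org/DC=example/OU=People/CN=Bob Example" bob
"/DC=org/DC=example/OU=People/CN=Carol Example (starreco) starreco
'''

if __name__ == "__main__":
    for lineno, entry, problem in audit_gridmap(SAMPLE):
        print("line %d: %s: %s" % (lineno, problem, entry))
```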
