DOEGrids Certificate Service





 Frequently Asked Questions


Table of Contents

General questions

  1. I am not a part of the Virtual Organizations listed on the Home page, can I have a certificate?
  2. I am part of a Virtual Organization listed on the Home page but there is no sponsor listed for my institution/Site. What should I do?

 

Certificate questions

  1. How do I renew my Agent certificate?
  2. How do I stop renewal notices for certificates?
  3. Can I request a certificate for myself using grid-cert-request?
  4. Can I email a personal or host/service certificate request rather than using my web browser to request/submit one?
  5. I forgot my pass phrase. Can you please reset it to the default or call me with it or send it to me in an email?
  6. Does the subject of my certificate request have to conform to the DOEGrids namespace? That is, does it have to be of the form OU=People, DC=doegrids,DC=org?
  7. How do I revoke my certificate?
  8. I am a DOEGrids Agent, how do I revoke a certificate I issued?
  9. How do I request an SSL Server Certificate for an Apache webserver?

 

 

Browser questions

  1. My favorite web browser is XXXX. Why don't you support it?
  2. I am having problems with Internet Explorer when I submit my certificate request?

 


How do I renew my Agent certificate?

Go to the Agent Renewal link and follow the instructions on the webpage.


How do I stop certificate renewal notices?

The notices continue until about 30 days after expiration. You have to revoke old certificates to end notifications; either your RA can do that for you, or you can do it yourself if you set up a challenge password for the certificate.


Can I request a certificate for myself using grid-cert-request?

No. Personal certificates must be requested using a web browser by going to the DOEGrids Certificate Service.


Can I email a personal or host/service certificate request rather than using my web browser to request/submit one?

No. Currently there is no email gateway into the request process. You must use the web by going to the DOEGrids Certificate Service.


I forgot my pass phrase. Can you please reset it to the default or call me with it or send it to me in an email?

No. The pass phrase securing your private key is stored and managed only by you. You must revoke your certificate and submit a new request. Use the revoke link on the right to revoke your certificate, then go to the Certificate Service to request a new certificate.


Does the subject of my certificate request have to conform to the DOEGrids namespace? That is, does it have to be of the form OU=People, DC=doegrids,DC=org?

The namespace assigned by the DOEGrids PMA is designed to be organization- and site-neutral so that it can support a number of Virtual Organizations. The structure of the name does not imply any authorization information. No other namespace will be signed by DOEGrids or its Registration Authorities.


My favorite web browser is XXXX. Why don't you support it?

A number of browsers and systems have been tested, but we cannot cover all of them. The following table summarizes our findings.

| No. | Operating System | Browser | Description |
|---|---|---|---|
| 1 | Solaris/Windows/Mac OS | Netscape 7.x | Usable |
| 2 | Solaris/Windows/Mac OS | Mozilla 1.x / Firefox 1.x | Usable |
| 3 | Windows 2000 and XP | Internet Explorer 6.0 with up to date security patches and system patches | Usable |
| 4 | Windows 2000 and XP | Internet Explorer 5.5 with up to date security patches and system patches | Usable |
| 5 | Win XP | Opera 6.02 | Usable only if identified as Mozilla 3.0 |


I am not a part of the Virtual Organizations listed on the Home page, can I have a certificate?

Only members of participating Virtual Organizations may be issued a certificate; all other requests will be rejected. DOEGrids supports Virtual Organizations that are a part of the Department of Energy or work with DOE. If you think your VO would like to join DOEGrids, please send an information request. There is a link for Info requests in the bar to your right.


I am part of a Virtual Organization listed on the Home page but there is no sponsor listed for my institution/Site. What should I do?

Please email the POC listed for your Virtual Organization and explain in detail who you are and why you think there should be a sponsor from your institution. He/she will work with you to handle your certificate requirements or help set up an institutional/site agent for you.


How do I revoke my certificate?

Go to the revoke link on the right bar and follow the instructions on the webpage.


I am a DOEGrids agent, how do I revoke a certificate I issued?

As a DOEGrids Registration Authority Agent, you have the access and ability to revoke any certificate issued by DOEGrids. You must be careful to select the correct certificate before revoking it. Follow these steps:

  1. Go to: https://pki1.doegrids.org:8100/ca

  2. Click on "Search for certificates"

  3. Enter part of the Common name field

  4. Click Find

  5. Look carefully at the list returned & pick out the right one.

  6. Click on "Revoke", and fill in the reason

  7. Click Submit


How do I request an SSL Server Certificate for an Apache webserver?

  1. Please download the 'doegrids.tar' file from https://pki1.doegrids.org/Other/doegrids.tar

  2. Untar the distribution into the /tmp directory.

  3. Make sure OpenSSL is installed and in your PATH.

  4. Create a Certificate Signing Request (CSR) with the server RSA private key (output will be PEM formatted):

       $ openssl req -newkey rsa:1024 -keyout server.key -keyform PEM -out server.csr -config /tmp/doegrids/globus-host-ssl.conf.1c3f2ca8

       Make sure you enter the FQDN ("Fully Qualified Domain Name") of the server when OpenSSL prompts you for the "CommonName", i.e. when you generate a CSR for a website which will later be accessed via https://www.foo.com, enter www.foo.com here. You can see the details of this CSR via the command

       $ openssl req -in server.csr -noout -text

Please refer to http://httpd.apache.org/docs-2.0/ssl_faq.html for more details. The "/tmp/doegrids/globus-host-ssl.conf.1c3f2ca8" file has all the necessary changes to generate an SSL Server certificate request that complies with DOEGrids CA policy.
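The checks described in step 4 (the CommonName is the server's FQDN, and the CSR details are what you expect) can be scripted before the request is submitted. The following is an added example, not DOEGrids or Apache code; the function names, return codes and the 2048-bit default minimum are assumptions. The command above generates rsa:1024, so pass 1024 as the third argument to accept such a request.

```shell
#!/bin/sh
# Added example (not DOEGrids code): sanity-check a host CSR before submitting it.
# Function names, return codes and the 2048-bit default are assumptions.

# Print the commonName from the CSR subject (empty if the file is not a CSR).
csr_cn() {
    openssl req -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
        sed -n 's/^ *commonName *= *//p' | tail -n 1
}

# Print the public key size in bits, as reported by "openssl req -text".
csr_key_bits() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# Succeed if the argument looks like a fully qualified domain name.
is_fqdn() {
    printf '%s\n' "$1" |
        grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,}$'
}

# check_csr FILE EXPECTED_FQDN [MIN_BITS]
# Returns 0 = ok, 1 = unreadable or bad self-signature, 2 = CN problem, 3 = key too small.
check_csr() {
    cc_file=$1; cc_want=$2; cc_min=${3:-2048}
    # Match on the message: older OpenSSL builds exit 0 even when -verify fails.
    if ! openssl req -in "$cc_file" -noout -verify 2>&1 | grep -q 'verify OK'; then
        echo "FAIL: not a CSR, or self-signature does not verify" >&2; return 1
    fi
    cc_cn=$(csr_cn "$cc_file")
    if ! is_fqdn "$cc_cn" || [ "$cc_cn" != "$cc_want" ]; then
        echo "FAIL: CN '$cc_cn' is not the expected FQDN '$cc_want'" >&2; return 2
    fi
    cc_bits=$(csr_key_bits "$cc_file")
    if [ "${cc_bits:-0}" -lt "$cc_min" ]; then
        echo "FAIL: ${cc_bits:-0}-bit key is below the $cc_min-bit minimum" >&2; return 3
    fi
    echo "OK: CN=$cc_cn, $cc_bits-bit key"
}

# Usage: sh check_csr.sh server.csr www.foo.com [min_bits]
if [ "$#" -ge 2 ]; then check_csr "$@"; fi
```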
