---+ Checking authentication and your certificate Your *username*: %USERNAME% Your *wikiname*: %WIKINAME% ---+++ Authority certificates If you are prompted to confirm that you accept this server's certificate _every time_ you connect to these pages in https mode, then you're advised to install the issuing eScience Authority certificates into your browser: the [[http://ca.grid-support.ac.uk/pub/certs/new-escience-root.cer][e-Science Root certificate]] (click and leave unticked all options) and then the [[http://ca.grid-support.ac.uk/pub/certs/new-escience-ca.cer][e-Science CA certificate]] (click and tick all options). After that your browser will trust all server certificates issued by the UK e-Science CA, including this server's certificate. The same applies in Firefox 3 onwards if you receive the warning <font color="darkslategray"> _Secure Connection Failed, www.ep.ph.bham.ac.uk uses an invalid security certificate_ </font>. Rather than following the link which says <em><font color="darkslategray">Or you can add an exception</font></em>, it's better to install the Authority certificates above and so validate the server certificate properly. Subsequently, if you hover the mouse over the icon to the left of the address bar, a tooltip will appear saying <em><font color="darkslategray">Verified by: eScienceCA</font></em>. If you get other _browser pop-ups_ notifying you of errors in https mode, then the chances are that your browser contains old e-Science certificates that are now superseded. In the certificate Authorities section of your browser's preferences, carefully remove old e-Science Authority certificates from your browser (but ensure you do not remove your personal certificate), and then re-install the current e-Science Authority certificates as in the previous paragraphs. If in doubt, check with L.S.Lowe. ---+++ Authority certificates in Firefox 3.5 onwards In Firefox 3.5 onwards, the eScience authority certifcates come pre-installed. So if you click on the links in the previous section, you get the message "This certificate is already installed as a certificate authority". Unfortunately, the pre-installed CA certificate has not been enabled to identify Web sites. To fix this, go to Preferences -> Advanced -> Encryption -> View Certificates -> Authorities. Scroll down to eScienceRoot, click on UK e-Science CA, click Edit, tick "This certificate can identify web sites" and click OK. ---+++ Personal certificate To be able to update these pages, your personal User certificate needs to be in order and present in your browser. Also, if there are wiki pages that only certain wiki users are allowed to view, then again it will necessary to have your certificate present and correct so that your wikiname is correctly identified. For this to happen, you must be in https mode. Moreover, your certificate *DN* needs to be known to this web server. We support certificates issued by the following authorities: * *UK e-Science CA*: to check that a User certificate issued by this CA is installed correctly in your browser, visit the e-Science <a target="_blank" href="https://ca-admin.grid-support.ac.uk/cgi-bin/pub/pki?cmd=test_cert"> Test Certificate</a> web page. * *CERN CA*: to check that a User certificate issued by this CA is installed correctly in your browser, visit the <a target="_blank" href="https://www.cern.ch/login/Account.aspx">CERN Authentication</a> page and click on _Login using your Certificate_. * *US DOEGrids CA*: to check that a User certificate issued by this CA is installed correctly in your browser, visit this <a target="_blank" href="https://security.fnal.gov/cgi-bin/doetest/displaycert.cgi">SLAC Test Certificate</a> web page. If the appropriate certificate test works correctly and you still have problems authenticating on our TWiki, then contact LawrenceLowe. Visit <a target="_blank" href="https://www.ep.ph.bham.ac.uk/cgi-ssl-any/sslclientinfo">this diagnostic page</a> and copy/paste the contents into the email. If you are a new member of the group then it's possible that your certificate *DN* is not yet added on our server. Your certificate *DN* (distinguished name) is a string similar to _/C=country/O=someorg/OU=someunit/L=someloc/CN=firstname lastname_. ---
This topic: Main
>
WebHome
>
BhamCert
Topic revision: r24 - 04 Dec 2009 - _47C_61UK_47O_61eScience_47OU_61Birmingham_47L_61ParticlePhysics_47CN_61lawrence_32lowe
Copyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki?
Send feedback