Checking authentication and your certificate

Authority certificates

If you are prompted to confirm that you accept this server's certificate every time you connect to these pages in https mode, then you're advised to install the issuing e-Science Authority certificates into your browser: first the e-Science Root certificate (click and leave all options unticked) and then the e-Science CA certificate (click and tick all options). After that your browser will trust all server certificates issued by the UK e-Science CA, including this server's certificate.

The same applies in Firefox 3 onwards if you receive the warning "Secure Connection Failed", stating that the site "uses an invalid security certificate". Rather than following the link which says "Or you can add an exception", it's better to install the Authority certificates above and so validate the server certificate properly. Subsequently, if you hover the mouse over the icon to the left of the address bar, a tooltip will appear saying "Verified by: eScienceCA".

If you get other browser pop-ups notifying you of errors in https mode, then the chances are that your browser contains old e-Science certificates that are now superseded. In the certificate Authorities section of your browser's preferences, carefully remove old e-Science Authority certificates from your browser (but ensure you do not remove your personal certificate), and then re-install the current e-Science Authority certificates as in the previous paragraphs. If in doubt, check with L.S.Lowe.

Personal certificate

To be able to update these pages, your personal User certificate needs to be in order and present in your browser. Also, if there are wiki pages that only certain wiki users are allowed to view, then again it will be necessary to have your certificate present and correct so that your wikiname is correctly identified. For this to happen, you must be in https mode. Moreover, your certificate DN needs to be known to this web server.

We can support certificates issued by the following authorities:

  • UK e-Science CA: to check that a User certificate issued by this CA is installed correctly in your browser, visit the e-Science Test Certificate web page.
  • CERN CA: to check that a User certificate issued by this CA is installed correctly in your browser, visit the CERN Authentication page and click on Login using your Certificate.
  • US DOEGrids CA: to check that a User certificate issued by this CA is installed correctly in your browser, visit this SLAC Test Certificate web page.

If the appropriate certificate test works correctly and you still have problems authenticating on our TWiki, then contact LawrenceLowe. Visit this diagnostic page and copy/paste the contents into the email. If you are a new member of the group then it's possible that your certificate DN has not yet been added on our server.

Your certificate DN (distinguished name) is a string similar to /C=country/O=someorg/OU=someunit/L=someloc/CN=firstname lastname.
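When a DN "is not known" to a server, the cause is often only a difference in how the same DN was written down: some tools print it comma-separated with the CN first rather than in the slash form shown above. The following is an added example, not this server's own code, that converts either form to the slash form before looking it up; the KNOWN_DNS table, the function names and the sample DNs are constructed for illustration.

```python
import re

# Constructed sample: a DN-to-wikiname table such as a server might keep.
KNOWN_DNS = {
    "/C=UK/O=someorg/OU=someunit/L=someloc/CN=firstname lastname": "FirstnameLastname",
}

def _rdn(text):
    # Attribute types are case-insensitive; collapse stray whitespace in values.
    if "=" not in text:
        raise ValueError(f"malformed RDN: {text!r}")
    attr, value = text.split("=", 1)
    return attr.strip().upper(), " ".join(value.split())

def parse_slash_dn(dn):
    """Parse '/C=../O=../CN=..' into an ordered list of (attr, value)."""
    if not dn.startswith("/"):
        raise ValueError("slash-form DN must start with '/'")
    # Split only where '/' is followed by 'ATTR=', so a value such as
    # 'CN=host/www.example.org' keeps its embedded slash.
    parts = re.split(r"/(?=[A-Za-z][A-Za-z0-9.]*=)", dn[1:])
    return [_rdn(p) for p in parts]

def parse_comma_dn(dn):
    """Parse 'CN=..,L=..,O=..,C=..' (CN first) into slash-form order.
    Backslash-escaped commas are kept; hex escapes are not handled."""
    parts = re.split(r"(?<!\\),\s*", dn)
    rdns = [_rdn(re.sub(r"\\(.)", r"\1", p)) for p in parts]
    return list(reversed(rdns))

def canonical_dn(dn):
    """Return the slash form for either input style."""
    dn = dn.strip()
    rdns = parse_slash_dn(dn) if dn.startswith("/") else parse_comma_dn(dn)
    return "/" + "/".join(f"{a}={v}" for a, v in rdns)

def wikiname_for(dn, table=KNOWN_DNS):
    """Exact match on the canonical DN; None means the DN is not in the table."""
    index = {canonical_dn(k): v for k, v in table.items()}
    return index.get(canonical_dn(dn))

if __name__ == "__main__":
    seen = "cn=firstname  lastname, L=someloc, OU=someunit, O=someorg, C=UK"
    print(canonical_dn(seen), "->", wikiname_for(seen))
```

The match is deliberately exact after canonicalisation: a DN that differs in any attribute value is treated as a different identity.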

