What do I do with my certificate?
|
Now that I have a certificate, what should I do with it?
How do I sign and/or encrypt email messages?See How to Set Your Email Client to Digitally Sign and/or Encrypt your Outgoing Messages. What security measures do I need to take ?I want a little background first. The certificate file you export from your browser should be kept only on removable media. When you first export this file, copy it to a local drive that is inaccessible to the network, import it into applications as necessary, then remove it from your machine after you're done, keeping it on removable media for future use. You'll need to keep your userkey.pem file on your machine if you need to get proxy certificates. Please follow these security guidelines with regard to your pem file, private key and related files:
Grid information (users and admins)Globus usersYou need a proxy certificate in order to submit grid jobs using Globus tools. We only provide information for Linux/UNIX. Please read the Fermilab Grid Access Control Policy.
Consult the Globus documentation and/or your VO-specific documentation to learn how to run grid jobs using your proxy certificate. Middleware administratorsGrid middleware administrators, see Host and Service certificates and FermiGrid pages.
TroubleshootingIf the browser test fails for a personal certificate ...
The browser test succeeds, but other sites fail ...
Your KCA certificate doesn't prompt you to renew it ... Your certificate has been compromised (how do you know?) ... I forgot my encryption password and can't reimport my exported certificate ...
Trouble with signing/encrypting email messages.
|
For assistance contact helpdesk@fnal.gov.
Information compiled and maintained by Computer Security Team ; last modified by TR on July 13, 2006. (Address comments about page to the Computer Security Team.) |