Polish Grid - Certification Authority
The Polish Grid Certification Authority provides x509 certificates to be used
in the context of the Polish Grid testbed activities. The certification authority
issues certificates for individuals and machines. The ownership
of a certificate does not imply automatic access to any computing resources.
Access rights to individual machines must be granted by the corresponding
system administrator before access is allowed.
Certification policy and practice
The Polish Grid CA certification policy is available here.
Current list of RA's for Polish Grid CA can be found here
How to obtain a certificate
To obtain a certificate the requester must be a invlolved in Polish Grid activities.
Requesting a personnel certificate under Globus can be done
by portal https://plgrid-ca.pl/
Validity and liability
Certificates issue by the Polish Grid CA are valid only in the context of the
Polish Grid activities, any other use including financial transactions
is strictly forbidden.
The Polish Grid CA will not be held liable for any problems arising from its
operation or use made of the certificates it issues. The Polish Grid CA is
run in a best effort basis and does not give any guarantees about
the service security.
The CA operation is however performed with a reasonable level of security
and the identity of the subjects requesting certificates will be verified
accordingly with the CA policy.
Obtaining the CA certificate
The Polish Grid CA certificate is required to verify the authenticity
of issued certificates. The Polish Grid CA certificate can be downloaded in
PEM format here
or in DER format for web browsers
|Polish Grid CA Essential Data
|Distinguished Name (RFC2253)
||CN=Polish Grid CA, O=GRID, C=PL
|SHA1 Finger Print
|MD5 Finger Print
|Subject Namespaces (RFC2253)
||CN=.*, O=.*, O=GRID, C=PL
The Polish Grid CA is an EUGridPMA Accredited Classic Authority. Root anchors registered with the TERENA Academic CA Repository.
Installing the CA certificate in systems running Globus
The following procedure must be followed to install the Polish Grid CA certificate.
The certificate must be installed in each system running Globus in order
to recognize Polish Grid CA issued certificates.
You can download RPM with Polish Grid CA from EUGridPMA repository
Download the key file as explained above, do not change the filename.
Copy the CA certificate to the following directories:
Change the protection of the file to 644.
Update the CA signing policy file ca-signing-policy.conf by appending the following lines:
access_id_CA X509 '/C=PL/O=GRID/CN=Polish Grid CA'
pos_rights globus CA:sign
cond_subjects globus '"/C=PL/O=GRID/*"'
insert your organisation acronim instead of xxx
Certificate Revocation Lists (CRLs)
Sometimes issued certificates must be canceled, in this case a CRL
will be made available through this web page. For a CRL to be effective
it must be downloaded and installed in each system accepting Polish Grid CA certificates.
The most recent CRL for the Polish Grid CA can be downloaded here
The CRL can be downloaded in your browser here
The Polish Grid CA is managed by Poznan Supercomputing and Networking
Center in Poznan. The contact person for this document and Polish Grid CA
in general is:
Polish Grid CA
Poznan Supercomputing and Networking Center
ul. Noskowskiego 10
61-704 Poznan Poland
phone: +48 61 8582052
fax: +48 61 8525954