What is a X.509 certificate?
The X.509 standard defines as a digital certificate an electronic document associated with a physical person or a computer service that certifies its identity, it is formed by a public key and a private key provided by the Certification Authority which guarantees its validity.
What is it for?
In general, being an identity certificate is used in public key infrastructure (PKI) authentication systems such as the INFN AAI / IdP service or Grid VOMS service; it can also serve to sign and encrypt your e-mail messages.
How can I use it?
How to use depends on the service you want to use, if you want to access web services (INFN portal, online magazines, ...) you need to install the certificate in your browser (Firefox, Chrome, Safari, .. .), while your Mail User Agent (Thunderbird, Outlook, Apple Mail, ...) needs to be configured for e-mail. The procedure for accessing Grid resources requires some command-line operations that may vary depending on the VO (Virtual Organization) membership.
How can I request it?
You can apply for your certificate from GARR website at https://www.servizi.garr.it/en/cs/personal-certificate by authenticating and choosing one of the following items:
- GÉANT Personal Certificate: Standard certificate
- GÉANT IGTF-MICS Personal: Standard certificate + GRID
The difference between the two is the maximum validity period; the Grid security policy states a maximum period of one year.
ATTENTION: The only browsers that allow the self-generation of the certificate are FirefoxESR (not Firefox), Internet Explorer 11 and Safari, for all the others you must request also the private key to SECTIGO, by selecting "Generate RSA" or provide a CSR (Certificate Signing Request). The instructions are visible in the video tutorials on GARR web site at the page https://www.servizi.garr.it/en/cs/personal-certificate in the section "REQUEST A CERTIFICATE WITH CSR".