Frontemare di Trieste
Istituto Nazionale di Fisica Nucleare
Sezione di Trieste

X.509 certificates

What is a X.509 certificate?

The X.509 standard defines as a digital certificate an electronic document associated with a physical person or a computer service that certifies its identity, it is formed by a public key and a private key provided by the Certification Authority which guarantees its validity.

What is it for?

In general, being an identity certificate is used in public key infrastructure (PKI) authentication systems such as the INFN AAI / IdP service or Grid VOMS service; it can also serve to sign and encrypt your e-mail messages.

How can I use it?

How to use depends on the service you want to use, if you want to access web services (INFN portal, online magazines, ...) you need to install the certificate in your browser (Firefox, Chrome, Safari, .. .), while your Mail User Agent (Thunderbird, Outlook, Apple Mail, ...) needs to be configured for e-mail. The procedure for accessing Grid resources requires some command-line operations that may vary depending on the VO (Virtual Organization) membership.

How can I request it?

You can apply for your certificate from GARR website at by authenticating and choosing one of the following items:

  • GÉANT Personal Certificate: Standard certificate
  • GÉANT IGTF-MICS Personal: Standard certificate + GRID

The difference between the two is the maximum validity period; the Grid security policy states a maximum period of one year.

ATTENTION: The only browsers that allow the self-generation of the certificate are FirefoxESR (not Firefox), Internet Explorer 11 and Safari, for all the others you must request also the private key to SECTIGO, by selecting "Generate RSA" or provide a CSR (Certificate Signing Request). The instructions are visible in the video tutorials on GARR web site at the page in the section "REQUEST A CERTIFICATE WITH CSR".



NOTE! This site uses cookies and similar technologies.

If you do not change your browser settings, you agree. Learn more

I agree