What is a X.509 certificate?
The X.509 standard defines as a digital certificate an electronic document associated with a physical person or a computer service that certifies its identity, it is formed by a public key and a private key provided by the Certification Authority which guarantees its validity.
What is it for?
In general, being an identity certificate is used in public key infrastructure (PKI) authentication systems such as the INFN AAI / IdP service or Grid VOMS service; it can also serve to sign and encrypt your e-mail messages.
How can I use it?
How to use depends on the service you want to use, if you want to access web services (INFN portal, online magazines, ...) you need to install the certificate in your browser (Firefox, Chrome, Safari, .. .), while your Mail User Agent (Thunderbird, Outlook, Apple Mail, ...) needs to be configured for e-mail. The procedure for accessing Grid resources requires some command-line operations that may vary depending on the VO (Virtual Organization) membership.
How can I request it?
You can apply for your certificate directly to the Certification Authority of the TCS (TERENA Certificate Service) that INFN is part of; simply connect to digicert.com/sso and select INFN as Identity Provider then authenticate and choose the product from:
- Grid Premium
The difference between the two is the maximum validity period; the Grid security policy states a maximum period of one year.
ATTENTION: The only browsers that allow the self-generation of the certificate are FirefoxESR (not Firefox), Internet Explorer 11 and Safari, for all the others you must provide the Digicert system with a CSR (Certificate Signing Request), the instructions are visible on the site of the GARR at the page https://www.servizi.garr.it/en/cs/personal-certificate in the section "GENERATE A CERTIFICATE WITH CSR".