Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Difference between revisions of "FAQ Renewing a personal certificate"

From EGIWiki
Jump to navigation Jump to search
Line 24: Line 24:
Note: DTEAM VO, ATLAS ALICE CMS and LHCb are based on a VOMRS registration service.
Note: DTEAM VO, ATLAS ALICE CMS and LHCb are based on a VOMRS registration service.


== In case of VOMS Admin registration service ==
== In case of VOMS Admin registration service ==
The actions tdepend on the VOMS Admin version. To check the version follow the these steps:
# Go to the [http://operations-portal.egi.eu/vo VO ID Card] by choosing "search by VO name"and selecting the VO you are interested in. The Operations Portal will bring you to the VO ID Card.
# Select "Enrollment Url" and click on it. The link brings you to the VOMS Admin page
# Check the version at the bottom of the page


=== If the VOMS Admin version is earlier than 2.5 ===
The actions depend on the VOMS Admin version. To check the version follow the these steps:
You have to register again. This process effectively creates a new user in the VO.
 
#Go to the [http://operations-portal.egi.eu/vo VO ID Card] by choosing "search by VO name"and selecting the VO you are interested in. The Operations Portal will bring you to the VO ID Card.
#Select "Enrollment Url" and click on it. The link brings you to the VOMS Admin page
#Check the version at the bottom of the page
 
=== If the VOMS Admin version is earlier than 2.5 ===
 
You have to register again. This process effectively creates a new user in the VO.  


With the new certificate loaded in your browser, go to the VO Registration page and submit a new request to join the VO. The VO Admin will then approve (or deny) the new request.  
With the new certificate loaded in your browser, go to the VO Registration page and submit a new request to join the VO. The VO Admin will then approve (or deny) the new request.  


This process is independent of the old certificate being still valid or not. If you had any Roles or belonged to any Group those have to be re-created for the new registration by the VO manager. After the new registration is complete and any Roles reassigned, you should ask the VO manager to delete the old entry from the VO (there is no need to maintain entries that are not valid anymore). If you are the VO Administrator you will have to ask the VOMS_Server system administrator to reassign the VO-Admin Role. You can try to approve your new entry with the old certificate loaded in their browser, while this is still valid, and assign the VO-Admin Role to your (new) self.
This process is independent of the old certificate being still valid or not. If you had any Roles or belonged to any Group those have to be re-created for the new registration by the VO manager. After the new registration is complete and any Roles reassigned, you should ask the VO manager to delete the old entry from the VO (there is no need to maintain entries that are not valid anymore). If you are the VO Administrator you will have to ask the VOMS_Server system administrator to reassign the VO-Admin Role. You can try to approve your new entry with the old certificate loaded in their browser, while this is still valid, and assign the VO-Admin Role to your (new) self.  
 
=== If the VOMS Admin version is 2.5 or later  ===


=== If the VOMS Admin version is 2.5 or later ===
Instructions are provided in the [http://www.eu-emi.eu/products/-/asset_publisher/z2MT/content/voms-admin#Documentation VOMS Admin User Guide] (follow the path ''Documentation'' -> ''User Guide'' -> ''Requesting the addition of a new certificate to the membership'') [Instructions for [https://twiki.cern.ch/twiki/bin/view/EMI/EMIVomsAdminUserGuide261#Requesting_the_addition_of_a_new VOMS Admin 2.6.1]]
Instructions are provided in the [http://www.eu-emi.eu/products/-/asset_publisher/z2MT/content/voms-admin#Documentation VOMS Admin User Guide] (follow the path ''Documentation'' -> ''User Guide'' -> ''Requesting the addition of a new certificate to the membership'') [Instructions for [https://twiki.cern.ch/twiki/bin/view/EMI/EMIVomsAdminUserGuide261#Requesting_the_addition_of_a_new VOMS Admin 2.6.1]]


= External links =  
= External links =  
* See [http://www.eu-emi.eu/products/-/asset_publisher/z2MT/content/voms-admin VOMS Admin] EMI Product information.
* See [http://www.eu-emi.eu/products/-/asset_publisher/z2MT/content/voms-admin VOMS Admin] EMI Product information.

Revision as of 12:47, 10 January 2013

Main EGI.eu operations services Support Documentation Tools Activities Performance Technology Catch-all Services Resource Allocation Security


Documentation menu: Home Manuals Procedures Training Other Contact For: VO managers Administrators


Q1: When does my personal certificate identify change?

Your certificate identity will change if for example:

  • you move and get a certificate from a different Certification Authority (CA)
  • your CA changes the format of your certificate Subject (or DN)
  • your CA changes its own (the Issuer) certificate Subject (or DN)

Q2: What happens if my personal certificate is renewed?

If there are no changes to the certificate identity when the certificate is renewed then no action is necessary for your VO membership.

Q3: What happens if my personal certificate identify changes?

If your the identity (the Subject or DN) of your personal certificate changes you must register the new identity in the VO(s) you are member of in order to maintain access to the Grid. The correct actions to be undertaken depend on the registration service that the VO uses (VOMS Admin or VOMSRS). Information on the type of registration service used can be obtained from the VO ID Card available from the EGI Operations Portal, or by contacting the VO Manager (VO Manager contact information is also available in the VO ID Card).

In case of VOMRS registration service

Instructions Note: DTEAM VO, ATLAS ALICE CMS and LHCb are based on a VOMRS registration service.

In case of VOMS Admin registration service

The actions depend on the VOMS Admin version. To check the version follow the these steps:

  1. Go to the VO ID Card by choosing "search by VO name"and selecting the VO you are interested in. The Operations Portal will bring you to the VO ID Card.
  2. Select "Enrollment Url" and click on it. The link brings you to the VOMS Admin page
  3. Check the version at the bottom of the page

If the VOMS Admin version is earlier than 2.5

You have to register again. This process effectively creates a new user in the VO.

With the new certificate loaded in your browser, go to the VO Registration page and submit a new request to join the VO. The VO Admin will then approve (or deny) the new request.

This process is independent of the old certificate being still valid or not. If you had any Roles or belonged to any Group those have to be re-created for the new registration by the VO manager. After the new registration is complete and any Roles reassigned, you should ask the VO manager to delete the old entry from the VO (there is no need to maintain entries that are not valid anymore). If you are the VO Administrator you will have to ask the VOMS_Server system administrator to reassign the VO-Admin Role. You can try to approve your new entry with the old certificate loaded in their browser, while this is still valid, and assign the VO-Admin Role to your (new) self.

If the VOMS Admin version is 2.5 or later

Instructions are provided in the VOMS Admin User Guide (follow the path Documentation -> User Guide -> Requesting the addition of a new certificate to the membership) [Instructions for VOMS Admin 2.6.1]

External links