Access Keys:
Skip to content (Access Key - 0)

Dorian

Managing Host Credentials

[ Dorian: Administrators Guide | Developers Guide | Users Guide | caGrid: Documentation Guides ]

Browse Host Credentials
In order to run secure services securely, the container hosting the services must run with a host credential. A host credential consist of a X.509 certificate and private key. Dorian provides a means for users with a grid user account to request a host credential for their services. For each host credential request and each host credential issued Dorian maintains a host credential record. Dorian assigns each host credential record one of the following statuses:

  1. Pending - Host credentials that have been requested but not yet issued because they require approval of an administrator.
  2. Rejected - Host credentials that have been requested but were not issued because the request was rejected by and administrator.
  3. Active - Host credentials that have been issued.
  4. Suspended - Host credentials that were issued but have been temporarily revoked.
  5. Compromised - Host credentials that were issued and are permanently revoked.

Host credentials issued by Dorian are bound to a grid user account managed by Dorian, most cases a host credential is bound to the user that requested the credential. This binding make users responsible for any host credentials bound to their account. If a user's account is suspended, any host credentials bound to their account will be revoked an listed in the Dorian CA URL. If a user's account is removed the status of all the host credentials bound to their account will be set to Compromised. Each host certificate record is an assigned an owner, or the user who the credential is bound to.

The GAARDS UI provides a method of finding/browsing both requested and issued host credentials. To find/browse host credentials complete the following steps:

  1. Open the Host Certificate Management window by selecting Account Management => Grid Account Management => Host Certificate Management.
  2. From the Service URI drop down select the Dorian you wish to query.
  3. From the Credential drop down select the grid proxy you wish to use to authenticate with Dorian. Only users with credentials of a Dorian administrator will be allowed access to this feature.
  4. Click the Find Host Certificates button.

This will list all the host credential records managed by the Dorian specified. If you wish you may refine you search based on the following criteria:

  1. Record Id - Dorian assigns each host credential record an id, you may specify the record id to pull up a specific record.
  2. Host - The host name of host.
  3. Serial Number - The serial number of the certificate issued to the host.
  4. Subject - The subject of the certificate issued to the host.
  5. Status - The status of the host credential.
  6. Expiration - Search based on whether or not the certificate issued to the host has expired, this is useful in determining which host certificates need to be renewed.
  7. Owner - The grid user that the certificate is bound to.

Reviewing Host Credential Requests

Review Host Credential Request
Host credentials that require administrative review are assigned a status of Pending. It is up to Dorian administrators to decide whether or not to approve a certificate request based on the policy defined for their deployment. The GAARDS UI provides a method for reviewing host credentials requests, to do so complete the following steps:

  1. From the Host Certificate Management window select a host credential record with a Pending status.
  2. Click the View/Update Host Certificate button, this will bring up a window containing the details of the host certificate record.
  3. To approve a host credential request click the Approve Certificate button. To reject a host credential request, select Rejected from the Status drop down and click the Update Certificate button.

Once the request is reviewed the details of the host certificate record will be immediately updated.

Viewing/Updating Host Credentials

Managing Host Credential
A host credential's status and owner may be modified by a Dorian administrator so long at the current status of the host credential is not Compromised. The GAARDS UI provides a method for viewing/updating host credentials requests, to do so complete the following steps:

  1. From the Host Certificate Management window select a host credential record.
  2. Click the View/Update Host Certificate button, this will bring up a window containing the details of the host certificate record.
  3. If you wish to update a host certificate record, specify the change and click the Update Certificate button.

Renewing Host Credentials

When Dorian issues host credentials it issues them from the amount of time specified in the lifetime element in the Dorian configuration file. After that time the host credentials will expire and must be renewed by a Dorian administrator. The GAARDS UI provides a method for renewing host credentials, to do so complete the following steps:

  1. From the Host Certificate Management window select a host credential record. (To list all the expired host credentials set the value of the Expiration drop down to true and click the Find Host Certificates button)
  2. Click the View/Update Host Certificate button, this will bring up a window containing the details of the host certificate record.
  3. To renew a host credential request click the Renew Certificate button.
Last edited by
Knowledge Center (1157 days ago) , ...
Adaptavist Theme Builder Powered by Atlassian Confluence