Managing Host Certificates

Dorian: Administrators Guide | Developers Guide | Users Guide | caGrid: Documentation Guides

The GAARDS UI provides a mechanism for viewing and updating host certificates.    To view a host certificate using the GAARDS UI, please complete the following steps:

1. Perform a Host Certificate Search.
2. Select the host certificate you wish to view and click the View Host Certificate button.

This will launch the Host Certificate Window for the host certificate selected.  The Host Certificate Window contains two tabs: (1) Summary and (2) Auditing.  The Summary tab contains information about the host certificate and actions that can be performed by administrators on the host certificate.  The following table provides details on the information contained in the Summary tab:

Attribute Description Record ID The unique identifier assigned to the record by Dorian Host The name of the host that the certificate is for Owner The identity of the user who owns the host certificate Status The status of the host certificate Strength The strength of the host certificate Host Grid Identity The Grid Identity of the Host Subject The distinguished name of the host certificate Starts The date the host certificate was issued Expires The date the host certificate expired

Host Certificate

The action available to administrators in the host certificate window will depend on the status of the host certificate.   For example if the status of the host certificate is Pending, then an action allowing the Approval of the certificate will be available.  In general the following actions can be executed by an administrator from the Summary Tab: (1) Review Host Certificate, (2) Update Host Certificate, and (3) Renew Host Certificate.   Each of these action will be covered in detail below.

For security purposes and to give administrators insight on an individual host certificate record, Dorian maintains a list of auditing information for each host certificate.  The Audit tab allows administrators to search for audit records pertaining to the selected host certificate. For additional details, see below.

Review a Host Certificate

Host credentials that require administrative review are assigned a status of Pending. It is up to Dorian administrators to decide whether or not to approve a certificate request based on the policy defined for their deployment. Host certificates can be reviewed in the Host Certificate Window in the GAARDS UI. To approve a host credential request, click the Approve Certificate button. To reject a host credential request, select Rejected from the Status drop-down menu and click the Update Certificate button.  Once the request is reviewed, the details of the host certificate record will be immediately updated.

Update a Host Certificate

A host credential's status and owner may be modified by a Dorian administrator so long as the current status of the host credential is not Compromised.  Host certificates can be updated in the host certificate window for a given certificate.  To update a host certificate, make the desired changes (owner or status) and click the Update Certificate button.

Renew a Host Certificate

When Dorian issues host credentials it issues them for the amount of time specified in the Dorian configuration. After that time, the host credentials will expire and must be renewed by a Dorian administrator.   Host certificates can be renewed in the host certificate window for a give host certificate by clicking the Renew Certificate button.

Auditing

For security purposes and to give administrators insight on host certificates, Dorian maintains a list of auditing information for each host certificate.   The following is a list of auditing information maintained for each host certificate: Audit Information Description HostCertificateRequested Documents when and by whom the host certificate was requested. HostCertificateApproved Documents when and by whom the host certificate was approved. HostCertificateUpdated Documents when, what, and by whom the host certificate was updated. HostCertificateRenewed Documents when and by whom the host certificate was renewed. The GAARDS UI allows Dorian administrators to search the auditing information for a given host certificate based the following search criteria: Criteria Description Reporting Party The identity of the party that performed or reported the action. Audit Type The type of auditing information, please consult the table above for different types. Start Date The start of a date/time range of when the even occurred. End Date The end of a date/time range of when the even occurred. Message Search the content of the Audit Message. Using the GAARDS UI, administrators can search the auditing information by completing the following steps: In the host certificate window for a given host certificate, select the Audit tab. Enter search criteria. Please consult the table above.  If no search criteria is specified, all audit records for the user will be returned. Click the Search button. When the search is complete, the audit records meeting the search criteria will display in the table below the Search button.  To view the complete details of a specific audit record, select that record in the table and click the View button.  This will launch a window containing the complete details of the audit record selected.

Auditing Audit Record