Access Keys:
Skip to content (Access Key - 0)

GAARDS UI

Certificate Authorities

Contents

The GAARDS UI provides a method of adding certificate authorities to the GTS as trusted certificate authorities.  To add a certificate authority to the GTS you will need to provide the CA's certificate.  The CA's certificate is required for authentication and verifying the CA's signature.  In addition you need to select which Level(s) of Assurance the CA complies with.   To add a certificate authority to the GTS using the GAARDS UI, please complete the following steps:

  1. Launch the GAARDS UI
  2. Login as a GTS administrator.
  3. From the Trust Fabric menu, select Certificate Authorities, this will launch the Certificate Authorities Window.
  4. From the Service drop down select the GTS you wish to add a certificate authority to.
  5. Click the Add button, this will launch Add Certificate Authority Window.
  6. Select the Certifcate tab.
  7. Click the Import Certificate button, this will launch a file browser.
  8. Browse to the CA certificate for the certificate authority you are adding, and click the Open button.  This will load the certificate into the UI.
  9. Select the Level of Assurance tab.
  10. Select the Level(s) of Assurance that the certificate authority complies with.
  11. Click the Add button, this will add the certificate authority to the GTS as a trusted certificate authority.

Adding Certificate Authority

Removing a Certificate Authority

The GAARDS UI enables GTS administrators to remove trusted certificate authorities.   A certificate authority can only be removed if the GTS is the authority for it.  Once a certificate authority is removed it will no longer be federated to other GTS(s).   In addition it will be removed from the trust stores of clients and service next time they sync.   To remove a certificate authority from the GTS please complete the following steps:

  1. Launch the GAARDS UI
  2. Login as a GTS administrator.
  3. From the Trust Fabric menu, select Certificate Authorities, this will launch the Certificate Authorities Window.
  4. From the Service drop down select the GTS you wish to remove a certificate authority from.
  5. Enter the desired search criteria.
  6. Click the Search button.
  7. Once the search has completed select the certificate authority you wish to remove.
  8. Click the Remove button, this will remove the certificate authority from the GTS.

Managing Certificate Authorities

The GAARDS UI allows GTS administrators to search for certificate authorities trusted by the GTS.  The GTS supports searching for certificate authorities using the following search criteria:

Search Criteria
Description
Trusted Authority Name
The distinguished name or subject of the certificate authority.
Level of Assurance
Certificate authorities that are associated with the level of assurance selected.
Status
The Status of the certificate authority, Trusted or Suspended.
Lifetime
Whether (Valid) or not (Expired) the certificate authority entry in the GTS is still valid.
Is Authority
Whether (true) or not (false) the GTS selected is the authority of the certifcate authority.
Authority GTS
Certificate authorities whose authority is the selected GTS.
Source GTS
Certificate authorities whose source is the selected GTS.

To search for ceritifcate authorities trusted by the GTS or that are part of the trust fabric, please complete the following directions:

  1. Launch the GAARDS UI
  2. Login as a GTS administrator.
  3. From the Trust Fabric menu, select Certificate Authorities, this will launch the Certificate Authorities Window.
  4. From the Service drop down select the GTS you wish to search.
  5. Enter the desired search criteria.
  6. Click the Search button.

After the search has completed, the certificate authorities meeting your search criteria will be listed in the table below the Search button.  You can view the details of an individual certificate authority by selecting the certificate authority you wish to view and by clicking the View button.  This will launch Trusted Authority Window for the certificate authority you requested.  The details for the certificate authority are provided in four tabs: (1) Properties, (2) Level of Assurance, (3) Certificate, (4) Certificate Revocation List.  Below we will describe the details contained in each tab.

Certificate Authorities

Properties

The Properties tab contains the information shown in the table below:

Property
Description
Trusted Authority Name
The distinguished name or subject of the certificate authority.
Status
The Status of the certificate authority, Trusted or Suspended.
Authority GTS
The GTS that is the authority for this certificate authority.
Source GTS
The GTS that is the source for this certificate authority.
Expires
Specifies when the record for this certificate authority expires.  Certificate authorities that are inherited from Authority GTS(s) expire unless they are renewed by the Authority GTS.  See trust federation for more information.
Last Updated
The date this certificate authority record was last updated.

The Status property is the only property in the above table that can be updated by GTS administrators.  To update the status, select the desired status and click the Update button.

A certificate authority can only be updated if the GTS is its authority.

Level of Assurance

The Level of Assurance tab lists all the level(s) of assurance registered with the GTS.  Each level of assurance contains a check box, if checked the CA is that level of assurance.  The Level(s) of assurance for a certificate authority can be updated by selecting or deselecting individual level(s) of assurance and by clicking the Update button.

A certificate authority can only be updated if the GTS is its authority.

Certificate

The Certificate tab contains the certificate authority's certificate.  This certificate corresponds to the private key that the certificate authority uses for signing certificates that is issues.

Certificate Revocation List

The Certificate Revocations List tab contains the certificate authority's CRL which contains the list off all certificates issued by the certificate authority that have been revoked.   The CRL is distributed to clients and services with the certificate authority's certificate, both are used for authenticating clients.   The GTS allows GTS administrators and parties granted special access (see Access Control ) to publish the CRL for a certificate authority.   The CRL can be published through the GTS's grid service interface, certificate authorities such as Dorian take advantage of this.  In addition a certificate authority's CRL can be published using the GAARDS UI.  This can be done by as follows:

  1. Click the Import CRL button, this will lauch a file browser window.
  2. Browse to the CRL for the certificate authority, select it, and click the Open button. This will load the CRL into the Certificate Revocations List tab.
  3. Click the Update button.
A certificate authority can only be updated if the GTS is its authority.

CA Properties











CA Levels of Assurance

CA Certificate

CA CRL
Last edited by
Sarah Honacki (820 days ago)
Adaptavist Theme Builder Powered by Atlassian Confluence