
GTS

Managing Certificate Authorities

The GAARDS UI allows GTS administrators to search for certificate authorities trusted by the GTS.  The GTS supports searching for certificate authorities using the following search criteria:

| Search Criteria | Description |
| --- | --- |
| Trusted Authority Name | The distinguished name or subject of the certificate authority. |
| Level of Assurance | Certificate authorities that are associated with the level of assurance selected. |
| Status | The Status of the certificate authority, Trusted or Suspended. |
| Lifetime | Whether (Valid) or not (Expired) the certificate authority entry in the GTS is still valid. |
| Is Authority | Whether (true) or not (false) the GTS selected is the authority of the certificate authority. |
| Authority GTS | Certificate authorities whose authority is the selected GTS. |
| Source GTS | Certificate authorities whose source is the selected GTS. |

To search for certificate authorities trusted by the GTS or that are part of the trust fabric, follow these steps:

  1. Launch the GAARDS UI
  2. Login as a GTS administrator.
  3. From the Trust Fabric menu, select Certificate Authorities. This will launch the Certificate Authorities window.
  4. From the Service drop down select the GTS you wish to search.
  5. Enter the desired search criteria.
  6. Click the Search button.

After the search has completed, the certificate authorities meeting your search criteria will be listed in the table below the Search button.  You can view the details of an individual certificate authority by selecting it and clicking the View button.  This will launch the Trusted Authority window for the certificate authority you requested.  The details for the certificate authority are provided in four tabs: (1) Properties, (2) Level of Assurance, (3) Certificate, (4) Certificate Revocation List.  Each tab is described below.

Properties

The Properties tab contains the information shown in the table below:

| Property | Description |
| --- | --- |
| Trusted Authority Name | The distinguished name or subject of the certificate authority. |
| Status | The Status of the certificate authority, Trusted or Suspended. |
| Authority GTS | The GTS that is the authority for this certificate authority. |
| Source GTS | The GTS that is the source for this certificate authority. |
| Expires | Specifies when the record for this certificate authority expires.  Certificate authorities that are inherited from Authority GTS(s) expire unless they are renewed by the Authority GTS.  See trust federation for more information. |
| Last Updated | The date this certificate authority record was last updated. |

The Status property is the only property in the above table that can be updated by GTS administrators.  To update the status, select the desired status and click the Update button.

A certificate authority can only be updated if the GTS is its authority.

Level of Assurance

The Level of Assurance tab lists all the level(s) of assurance registered with the GTS.  Each level of assurance has a check box; if it is checked, the CA has that level of assurance.  The level(s) of assurance for a certificate authority can be updated by selecting or deselecting individual level(s) of assurance and clicking the Update button.

A certificate authority can only be updated if the GTS is its authority.

Certificate

The Certificate tab contains the certificate authority's certificate.  This certificate corresponds to the private key that the certificate authority uses for signing the certificates that it issues.

Certificate Revocation List

The Certificate Revocations List tab contains the certificate authority's CRL, which lists all certificates issued by the certificate authority that have been revoked.  The CRL is distributed to clients and services together with the certificate authority's certificate; both are used for authenticating clients.  The GTS allows GTS administrators and parties granted special access (see Access Control) to publish the CRL for a certificate authority.  The CRL can be published through the GTS's grid service interface; certificate authorities such as Dorian take advantage of this.  In addition, a certificate authority's CRL can be published using the GAARDS UI.  This can be done as follows:

  1. Click the Import CRL button. This will launch a file browser window.
  2. Browse to the CRL for the certificate authority, select it, and click the Open button. This will load the CRL into the Certificate Revocations List tab.
  3. Click the Update button.

A certificate authority can only be updated if the GTS is its authority.
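
A pre-import check that an administrator could run on the CRL file before step 1 above, using the OpenSSL command line to confirm that the CRL is signed by the certificate authority's certificate and is not stale. This is an added example, not part of the original page or of GAARDS; the function name, the PEM-encoded input files, the policy of rejecting a CRL without nextUpdate, and the use of GNU date are assumptions.

```shell
#!/bin/sh
# check_crl CA_CERT CRL_FILE   (hypothetical helper; both files PEM-encoded)
# Returns 0 if the CRL is signed by CA_CERT and its nextUpdate is in the future,
# 1 if the CRL should not be published, 2 if a file cannot be read or parsed.
check_crl() {
    ca=$1
    crl=$2

    # Read the issuer first so an unreadable file is reported as such.
    issuer=$(openssl crl -in "$crl" -noout -issuer 2>/dev/null) || {
        echo "ERROR: cannot parse CRL: $crl" >&2
        return 2
    }
    openssl x509 -in "$ca" -noout 2>/dev/null || {
        echo "ERROR: cannot parse CA certificate: $ca" >&2
        return 2
    }

    # Signature check against the CA certificate. The message is matched
    # because some OpenSSL releases report a failed check only in the text,
    # not in the exit status.
    if ! openssl crl -in "$crl" -CAfile "$ca" -noout 2>&1 | grep -q 'verify OK'; then
        echo "REJECT: CRL ($issuer) is not signed by the certificate in $ca" >&2
        return 1
    fi

    # Freshness check: a CRL past its nextUpdate is stale.
    next=$(openssl crl -in "$crl" -noout -nextupdate | sed 's/^nextUpdate=//')
    if [ -z "$next" ] || [ "$next" = "NONE" ]; then
        echo "REJECT: CRL has no nextUpdate field" >&2   # example policy
        return 1
    fi
    next_epoch=$(date -u -d "$next" +%s) || return 2      # GNU date assumed
    if [ "$next_epoch" -le "$(date -u +%s)" ]; then
        echo "REJECT: CRL is stale (nextUpdate was $next)" >&2
        return 1
    fi

    # Summary for the operator to compare with the Properties tab.
    revoked=$(openssl crl -in "$crl" -noout -text | grep -c 'Serial Number:' || true)
    echo "OK: $issuer; nextUpdate=$next; revoked entries: $revoked"
    return 0
}

# Usage: check_crl ca-cert.pem ca.crl && echo "safe to import"
```

The issuer printed on success should match the Trusted Authority Name shown on the Properties tab for the certificate authority being updated.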











Last edited by
Sarah Honacki (834 days ago)