Using UABgrid Web Sites: Difference between revisions

From Cheaha
(→‎Configuring UABgrid Trust in IE7: Add CA import dialog warning)
m (Trust UABgrid CA moved to Using UABgrid Web Sites: More descriptive of the content.)
 
(11 intermediate revisions by the same user not shown)
Line 1: Line 1:
In order to use many of the services offered on UABgrid, you will need to trust the [http://ca.uabgrid.uab.edu|UABgrid Certificate Authority (CA)].  This is accomplished by adding the [https://ca.uabgrid.uab.edu/cacert/cacert.pem|UABgrid CA's root certificate] to the list of trusted CAs recognized by your web browser or other client application
In order to use many of the services offered on UABgrid, you will need to trust the UABgrid Certificate Authority (CA).  This is accomplished by adding the [http://uabgrid.uab.edu/files/UAB-root.crt UABgrid CA's root certificate] to the list of trusted CAs recognized by your web browser or other client application


= Background =
== Background ==


From a systems perspective, the decision to trust (ie. import) the UABgrid CA root certificate is equivalent to deciding to "trust" a desktop computer physically approaching it an launching application links presented in it's menus.  The trust expressed through physical proximity and visual familiarity with your desktop system is expressed electronically via the PKI infrastructure leveraged by UABgrid.
From a systems perspective, the decision to trust (ie. import) the UABgrid CA is equivalent to deciding to "trust" a desktop computer by physically approaching it an launching application links presented in it's menus.  The trust expressed through physical proximity and visual familiarity with your desktop system is expressed electronically via the PKI infrastructure leveraged by UABgrid.


= Configuring UABgrid Trust in IE7 =
== Configure Your Web Browser to trust UABgrid CA ==
 
=== Internet Explorer 6 ===
 
==== Steps to Import the UABgrid root certificate ====
 
Begin the import of the UABgrid CA by [http://uabgrid.uab.edu/files/UAB-root.crt clicking here to load the UABgrid CA root certificate] with your browser. The first dialog will ask if you want to open this file or save it.  Click "Open". This will launch the certificate viewer tool.
 
[[Image:Ie6-open-certificate.png]]
 
The certificate import tool will launch showing you information about the certificate file you have just opened.
 
'''Important:''' Click on the '''Install...''' button to start the root certification installation wizard.  Clicking OK will not start the import wizard. It will simply close the import tool and the certificate will not be installed.
 
[[Image:Ie6-cert-viewer.png]]
 
The first step of the certificate import wizard informs you about the certificate you are about to install.  Click Next to continue
 
[[Image:Ie6-cert-wizard-step1.png]]
 
The next step of the import wizard asks you where you want to store this certificate.  Leave the default location select as it is correct. Click Next to continue.
 
[[Image:Ie6-cert-wizard-step2.png]]
 
The final step of the import wizard informs you that you are ready to install the certificate.  Click Finish to complete this step.
 
[[Image:Ie6-cert-wizard-step3.png]]
 
A dialog will pop up warning you that this certificate is unknown. This dialog is the actual import step.  This dialog also uses very strong wording urging caution. This warning is saying that once you trust this CA, IE will no longer warn you about sites that use certificates issued by the UABgrid CA. This is what we want to achieve.  But to assure you are actually looking at the real UABgrid CA, you should confirm that the "Thumprint" number shown in the middle of the dialog contains the unique signature of the "UABgrid CA v1.0": <code>(sha1): DDBB73C6 0FE21B5B B1DAE981 C8D5B502 C0861431</code> If the Thumbprint is correct, you may click "Yes" to complete the import.
 
[[Image:Ie6-cert-import-warning.png]]
 
You will see the certificate installed dialog indicating that the UABgrid CA v1.0 root certificate is now imported into your browser.
 
[[Image:Ie6-cert-import-success.png]]
 
==== What you See if you don't trust the UABgrid CA ====
 
Internet Explorer 6 will present the following warning message when you attempt to use a secure connection to access a UABgrid web site that uses a UABgrid CA certificate. More technically, the error occurs when you use use HTTPS (SSL) connections to access a web site that identifies itself using a certificate issued by the UABgrid CA.
 
To resolve this warning, you should import the UABgrid CA into your browser as described above. This will allow smooth access to all sites identified by UABgrid.
 
[[Image:Ie6-unknown-ca.png]]
 
 
=== Internet Explorer 7 ===
 
==== Steps to Import the UABgrid root certificate ====
 
Begin the import of the UABgrid CA by [http://uabgrid.uab.edu/files/UAB-root.crt clicking here to load the UABgrid CA root certificate] with your browser. This should begin the certificate import process.
 
The first dialog you see will be the following warning. This message is simply saying that IE7 doesn't recognize the publisher of this certificate.  This is the expected response and is the reason we are following these steps.  Press "Open" to open the certificate.
 
[[Image:Ie7-unknown-publisher.jpg]]
 
The next dialog is the actual import step.  This dialog also uses very strong wording urging caution. This warning is saying that once you trust this CA, IE7 will no longer warn you about sites that use certificates issued by the UABgrid CA. This is what we want to achieve.  But to assure you are actually looking at the real UABgrid CA, you should confirm that the "Thumprint" number shown in the middle of the dialog contains the unique signature of the "UABgrid CA v1.0": <code>(sha1): DDBB73C6 0FE21B5B B1DAE981 C8D5B502 C0861431</code>
 
[[Image:Ie7-ca-import-warning.jpg]]
 
If the Thumbprint is correct, you may click "Yes" to complete the import.
 
The UABgrid CA v1.0 root certificate is now imported into your browser.
 
'''NOTE 1:''' IE7 must now be restarted completely (close all IE7 windows) in order for it to properly recognize UABgrid sites without warnings.
 
'''NOTE 2:''' If you don't close all your IE7 windows, IE7 will display a light red warning background in the location box for sites that use a UABgrid certificate.  This warning indicator will go away once IE7 is completely restarted.
 
==== What you See if you don't trust the UABgrid CA ====


Internet Explorer 7 will present the following warning message when you attempt to use a secure connection to access a UABgrid web site that uses a UABgrid CA certificate. More technically, the error occurs when you use use HTTPS (SSL) connections to access a web site that identifies itself using a certificate issued by the UABgrid CA.
Internet Explorer 7 will present the following warning message when you attempt to use a secure connection to access a UABgrid web site that uses a UABgrid CA certificate. More technically, the error occurs when you use use HTTPS (SSL) connections to access a web site that identifies itself using a certificate issued by the UABgrid CA.
While you can ignore this error and proceed even though IE7 cautions against this, you will continue to get these annoying warnings whenever you access such a site. The better solution is to tell IE7 to trust the UABgrid CA as described above.  This will allow smooth access to all sites identified by UABgrid.


[[Image:Ie7-unknown-ca.jpg]]
[[Image:Ie7-unknown-ca.jpg]]


While you can ignore this error and proceed eventhough IE7 cautions against this, you will continue to get these annoying warnings whenever you access such a site.
=== Firefox 3 ===


The better solution is to tell IE7 to trust UABgrid.  This will allow smooth access to all sites identified by UABgrid.
==== Steps to Import the UABgrid root certificate ====


Begin the import of the UABgrid CA by [http://uabgrid.uab.edu/files/UAB-root.crt|clicking here to load the UABgrid CA root certificate] with your browser. This should launch the certificate import process.
Begin the import of the UABgrid CA by [http://uabgrid.uab.edu/files/UAB-root.crt clicking here to load the UABgrid CA root certificate] with your browser. This should begin the certificate import process.


The first dialog you see will be another warning:
The the only dialog you see will be the following pop-up. This message is asking that you to identify for which services are willing to trust the UABgrid CA. The UABgrid CA is a general-purpose CA, so please select all check-boxes.


[[Image:Ie7-unknown-publisher.jpg]]
Note: As a double-check, to confirm that you are about to import the the correct CA, you can press the "View" button and confirm that the SHA1 fingerprint shown toward the bottom of the subsequent dialog matches the value <code>(sha1): DDBB73C6 0FE21B5B B1DAE981 C8D5B502 C0861431</code>.
 
If the Thumbprint is correct, you may click "OK" to complete the import.


This message is simply saying that IE7 doesn't recognize the publisher of this certificate.  This is the expected response.  Press "Open" to open the certificate.
[[Image:ff3-ca-import.png]]


The next dialog is the actual import step. This dialog also uses very strong wording urging caution:
The UABgrid CA v1.0 root certificate is now imported into your browser.


[[Image:Ie7-ca-import-warning.jpg]]
Note: Firefox should not need to be restarted. The next time you access a secure web site on UABgrid, you will proceed to that website without being warned about entering an untrusted site.
 
==== What you See if you don't trust the UABgrid CA ====


This warning is saying that once you trust this CA, IE7 will no longer warn you about sites that use certificates issued by the UABgrid CA. This is what we want to achieve, but before you continue, you should verify the"Thumbprint" number shown in the middle of the dialog on your desktop.  It should read:
Firefox 3 will present the following warning message when you attempt to use a secure connection to access a UABgrid web site that uses a UABgrid CA certificate. More technically, the error occurs when you use use HTTPS (SSL) connections to access a web site that identifies itself using a certificate issued by the UABgrid CA.


  Thumbprint (sha1): DDBB73C6 0FE21B5B B1DAE981 C8D5B502 C0861431
Do not ignore this warning. The correct solution is to configure Firefox to trust the UABgrid CA as described above. This will allow smooth access to all sites identified by UABgrid.


This is the unique signature of the "UABgrid CA v1.0" root certificate.
[[Image:ff3-unknown-ca.png]]


If this number matches the thumbprint on your dialog, you should click "Yes".
=== Safari (Mac) ===


The UABgrid CA v1.0 root certificate is now imported into your browser.
Configuration a trusted root in Safari involves adding the UABgrid root certificate to the Mac Keychain Access application.  This is a system level trust configuration that is used by Safari.  The following note should help you configure your Mac to trust the UABgrid CA.


IE7 must now be restarted completely (close all IE7 windows) in order for it to properly recognize UABgrid sites without warnings.
Save the [http://uabgrid.uab.edu/files/UAB-root.crt UABgrid root CA] to your Desktop.  Then click on the saved file to open the Keychain Access application.  You will be prompted to add the certificate to your Keychain.  Select the "System" keychain from the drop-down menu and click Add.  You will be prompted for you system password.  After this, the certificate will be added.  Close Safari and restart and you should no longer be prompted about security exceptions for trusting UABgrid CA issued certificates.


Note if you don't close all your IE7 windows, IE7 will display a light red warning background in the location box for sites that use a UABgrid certificate. This warning indicator will go away once IE7 is completely restarted.
Please see the following instructions for reference: http://www.askdavetaylor.com/how_to_install_trusted_root_certificate_mac.html
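
Review bot: in the opening paragraph and in each "Begin the import" step, the certificate link is now plain http://uabgrid.uab.edu/files/UAB-root.crt where the old revision pointed at https://ca.uabgrid.uab.edu/cacert/cacert.pem, so the transport no longer authenticates the downloaded file and the SHA1 thumbprint comparison is the only check left. The IE6 and IE7 steps say the reader "should confirm" the thumbprint, but the Firefox 3 step introduces it as "Note: As a double-check" behind the optional "View" button, and the Safari step has no thumbprint check at all. Suggest making the comparison a required step in all four sections, or serving the certificate over HTTPS. Smaller points: "Thumprint" is misspelled in the IE6 and IE7 steps, and "contains the unique signature" would read more accurately as "matches the fingerprint", since the value is a hash that has to be compared in full.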

Latest revision as of 16:56, 27 August 2010

In order to use many of the services offered on UABgrid, you will need to trust the UABgrid Certificate Authority (CA). This is accomplished by adding the UABgrid CA's root certificate to the list of trusted CAs recognized by your web browser or other client application.

Background

From a systems perspective, the decision to trust (i.e., import) the UABgrid CA is equivalent to deciding to "trust" a desktop computer by physically approaching it and launching application links presented in its menus. The trust expressed through physical proximity and visual familiarity with your desktop system is expressed electronically via the PKI infrastructure leveraged by UABgrid.

Configure Your Web Browser to trust UABgrid CA

Internet Explorer 6

Steps to Import the UABgrid root certificate

Begin the import of the UABgrid CA by clicking here to load the UABgrid CA root certificate with your browser. The first dialog will ask if you want to open this file or save it. Click "Open". This will launch the certificate viewer tool.

Ie6-open-certificate.png

The certificate import tool will launch showing you information about the certificate file you have just opened.

Important: Click on the Install... button to start the root certification installation wizard. Clicking OK will not start the import wizard. It will simply close the import tool and the certificate will not be installed.

Ie6-cert-viewer.png

The first step of the certificate import wizard informs you about the certificate you are about to install. Click Next to continue.

Ie6-cert-wizard-step1.png

The next step of the import wizard asks you where you want to store this certificate. Leave the default location selected, as it is correct. Click Next to continue.

Ie6-cert-wizard-step2.png

The final step of the import wizard informs you that you are ready to install the certificate. Click Finish to complete this step.

Ie6-cert-wizard-step3.png

A dialog will pop up warning you that this certificate is unknown. This dialog is the actual import step, and it uses very strong wording urging caution. The warning is saying that once you trust this CA, IE will no longer warn you about sites that use certificates issued by the UABgrid CA. This is what we want to achieve. But to be sure you are actually looking at the real UABgrid CA, you should confirm that the "Thumbprint" number shown in the middle of the dialog matches the unique fingerprint of the "UABgrid CA v1.0": (sha1): DDBB73C6 0FE21B5B B1DAE981 C8D5B502 C0861431. If the Thumbprint is correct, you may click "Yes" to complete the import.

Ie6-cert-import-warning.png

You will see the certificate installed dialog indicating that the UABgrid CA v1.0 root certificate is now imported into your browser.

Ie6-cert-import-success.png

What you See if you don't trust the UABgrid CA

Internet Explorer 6 will present the following warning message when you attempt to use a secure connection to access a UABgrid web site that uses a UABgrid CA certificate. More technically, the error occurs when you use HTTPS (SSL) connections to access a web site that identifies itself using a certificate issued by the UABgrid CA.

To resolve this warning, you should import the UABgrid CA into your browser as described above. This will allow smooth access to all sites identified by UABgrid.

Ie6-unknown-ca.png


Internet Explorer 7

Steps to Import the UABgrid root certificate

Begin the import of the UABgrid CA by clicking here to load the UABgrid CA root certificate with your browser. This should begin the certificate import process.

The first dialog you see will be the following warning. This message is simply saying that IE7 doesn't recognize the publisher of this certificate. This is the expected response and is the reason we are following these steps. Press "Open" to open the certificate.

Ie7-unknown-publisher.jpg

The next dialog is the actual import step, and it uses very strong wording urging caution. The warning is saying that once you trust this CA, IE7 will no longer warn you about sites that use certificates issued by the UABgrid CA. This is what we want to achieve. But to be sure you are actually looking at the real UABgrid CA, you should confirm that the "Thumbprint" number shown in the middle of the dialog matches the unique fingerprint of the "UABgrid CA v1.0": (sha1): DDBB73C6 0FE21B5B B1DAE981 C8D5B502 C0861431

Ie7-ca-import-warning.jpg

If the Thumbprint is correct, you may click "Yes" to complete the import.

The UABgrid CA v1.0 root certificate is now imported into your browser.

NOTE 1: IE7 must now be restarted completely (close all IE7 windows) in order for it to properly recognize UABgrid sites without warnings.

NOTE 2: If you don't close all your IE7 windows, IE7 will display a light red warning background in the location box for sites that use a UABgrid certificate. This warning indicator will go away once IE7 is completely restarted.

What you See if you don't trust the UABgrid CA

Internet Explorer 7 will present the following warning message when you attempt to use a secure connection to access a UABgrid web site that uses a UABgrid CA certificate. More technically, the error occurs when you use HTTPS (SSL) connections to access a web site that identifies itself using a certificate issued by the UABgrid CA.

While you can ignore this error and proceed even though IE7 cautions against this, you will continue to get these annoying warnings whenever you access such a site. The better solution is to tell IE7 to trust the UABgrid CA as described above. This will allow smooth access to all sites identified by UABgrid.

Ie7-unknown-ca.jpg

Firefox 3

Steps to Import the UABgrid root certificate

Begin the import of the UABgrid CA by clicking here to load the UABgrid CA root certificate with your browser. This should begin the certificate import process.

The only dialog you see will be the following pop-up. It asks you to identify the services for which you are willing to trust the UABgrid CA. The UABgrid CA is a general-purpose CA, so please select all check-boxes.

Note: As a double-check, to confirm that you are about to import the correct CA, you can press the "View" button and confirm that the SHA1 fingerprint shown toward the bottom of the subsequent dialog matches the value (sha1): DDBB73C6 0FE21B5B B1DAE981 C8D5B502 C0861431.

If the Thumbprint is correct, you may click "OK" to complete the import.

Ff3-ca-import.png

The UABgrid CA v1.0 root certificate is now imported into your browser.

Note: Firefox should not need to be restarted. The next time you access a secure web site on UABgrid, you will proceed to that website without being warned about entering an untrusted site.

What you See if you don't trust the UABgrid CA

Firefox 3 will present the following warning message when you attempt to use a secure connection to access a UABgrid web site that uses a UABgrid CA certificate. More technically, the error occurs when you use HTTPS (SSL) connections to access a web site that identifies itself using a certificate issued by the UABgrid CA.

Do not ignore this warning. The correct solution is to configure Firefox to trust the UABgrid CA as described above. This will allow smooth access to all sites identified by UABgrid.

Ff3-unknown-ca.png

Safari (Mac)

Configuring a trusted root in Safari involves adding the UABgrid root certificate to the Mac Keychain Access application. This is a system-level trust configuration that is used by Safari. The following note should help you configure your Mac to trust the UABgrid CA.

Save the UABgrid root CA to your Desktop. Then click on the saved file to open the Keychain Access application. You will be prompted to add the certificate to your Keychain. Select the "System" keychain from the drop-down menu and click Add. You will be prompted for your system password. After this, the certificate will be added. Close and restart Safari, and you should no longer be prompted about security exceptions for trusting UABgrid CA issued certificates.

Please see the following instructions for reference: http://www.askdavetaylor.com/how_to_install_trusted_root_certificate_mac.html
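
The thumbprint comparison from the Internet Explorer and Firefox steps can also be run on a saved copy of the certificate, such as the file the Safari steps place on the Desktop. The Python script below is an added example, not part of the original page or of UABgrid's own tooling; it assumes the file holds a single PEM or DER certificate, and the function names and the constructed sample bytes are illustrative.

```python
import base64
import hashlib
import hmac
import re
import sys

# Thumbprint this page publishes for "UABgrid CA v1.0".
PUBLISHED_SHA1 = "DDBB73C6 0FE21B5B B1DAE981 C8D5B502 C0861431"

# Constructed stand-in bytes (NOT a real certificate), used when no file is given.
SAMPLE_DER = b"constructed sample, not the UABgrid CA certificate"

_PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def to_der(data: bytes) -> bytes:
    """Return DER bytes from a certificate file that is either PEM or DER."""
    m = _PEM_RE.search(data)
    if m is None:
        return data  # no PEM armour: treat the file as DER already
    return base64.b64decode(b"".join(m.group(1).split()), validate=True)


def normalize(thumbprint: str) -> str:
    """Drop spaces and colons, upper-case, and require exactly 40 hex digits."""
    digits = re.sub(r"[\s:]", "", thumbprint).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", digits):
        raise ValueError(f"not a SHA-1 thumbprint: {thumbprint!r}")
    return digits


def sha1_thumbprint(cert_bytes: bytes) -> str:
    """SHA-1 over the DER encoding: the value the browser dialogs display."""
    return hashlib.sha1(to_der(cert_bytes)).hexdigest().upper()


def grouped(digits: str) -> str:
    """Format 40 hex digits as five groups of eight, as written on this page."""
    return " ".join(digits[i:i + 8] for i in range(0, 40, 8))


def matches_published(cert_bytes: bytes, published: str = PUBLISHED_SHA1) -> bool:
    """True only if every digit of the computed thumbprint matches."""
    return hmac.compare_digest(sha1_thumbprint(cert_bytes), normalize(published))


if __name__ == "__main__":
    # Usage: python check_thumbprint.py UAB-root.crt
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = SAMPLE_DER  # constructed bytes, so a mismatch is expected
    print("computed :", grouped(sha1_thumbprint(data)))
    print("published:", PUBLISHED_SHA1)
    ok = matches_published(data)
    print("MATCH" if ok else "MISMATCH: do not import this certificate")
```

Because the digest is taken over the DER bytes, a PEM and a DER copy of the same certificate give the same thumbprint, and the space-grouped form on this page and a colon-separated form normalize to the same 40 digits.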