UCL UK e-Science Certificates
UCL Information Services serves as a local Registration Authority for the authentication of applications for e-Science Certificates.
A valid e-Science certificate is required to gain access to the resources of the National e-Infrastructure Service (NES) (amongst others).
Brief information to help you in applying for an e-Science Certificate is provided below. More detailed information can be found on the NGS Support website.
Scope of the UCL Registration Authority§
In general, the UCL Registration Authority (RA) can only approve personal and server certificate requests for members of UCL and those associated with projects based at UCL. However we have approved personal certificate requests for members of other London institutions without local RAs on request.
Before you Apply for a Certificate§
The recommended method for applying for a certificate is to use the Certificate Wizard. So:
- Download the CertWizard java application or use WebStart from the Certificate Wizard page on the NES website.
- Install the application on your computer.
- Run the Certificate Wizard application.
Applying for a Certificate§
You will be asked for a number of items when completing your request including:
Certificate Wizard keystore password.
Your certificates are stored in keystore which is password protected. The password (or passphrase) you choose should be at least 8 characters long and should conform to common secure password guidelines (e.g. include upper and lower-case letters, numbers, and punctuation symbols). Note that this password is the only thing that protects the private key part of your certificate(s) from being compromised, and thus rendered invalid. Keep this password to yourself, and don't forget it. If you forget this password, or if it is compromised, your certificate(s) will have to be revoked, and you will need to re-apply for them (at considerable inconvenience to both you and the CA/RA).
Your given name and family name.
You must enter your real name here. Names of roles will be rejected by the CA, for example you cannot use Biochem GRID. Your first name must be a word not just your your initial.
- Registration Authority.
Use UCL EISD. This is the only valid Registration Authority (RA) for UCL.
- Your e-mail address.
Make sure you get this right as it will be used by the e-Science CA to contact you when your certificate is ready.
- Your PIN. (Not your bank PIN.)
This should be, at minimum, 10 characters long. You will be asked for your PIN by your Registration Authority so it needs to be something you can remember or show. It should not be any of your normal passwords. Using one of these as your PIN (and thus revealing it to both your RA and the e-Science CA) will compromise its use as a password.
Extra items for Server Certificates§
There are two extra items for certificates for servers:
- Host Name.
The fully qualified DNS name (not numeric IP address) of your server.
- Host Admin Email.
To apply for a server certificate you must have a user certificate for yourself and be responsible for the server.
After Your Request has been Submitted§
After you have submitted your request, it has to be authenticated by your Registration Authority (RA) before the certificate is issued by the UK e-Science Certification Authority (CA). For authentication the UK e-Science CA requires that you present yourself in person to your RA with an appropriate form of photo-ID and your PIN. You will be asked to explain why you need a UK e-Science Certificate.
The RA for UCL is based in Informations Services Division (ISD). To arrange an appointment please email grid-ra AT ucl.ac.uk in the first instance.
Valid forms of Photo-ID are any of the following:
- Valid UCL ID card (It has to be a complete ID card with photo; authorisation for an ID card is not sufficient.)
- Current passport
- UK style photocard driving licence
We are required to make and log a photocopy of your photo-ID.
If you have none of the above forms of photo-ID available, contact us for advice by e-mail at grid-ra AT ucl.ac.uk. Please don't just turn up with an alternative as we may not be able to accept it.
Extra Requirements for Students§
In addition to the above, students should provide a letter (on department paper) from their project supervisor explaining why they need a certificate.
Extra Requirements for Servers§
In addition to the above, you need to provide a letter from your department explaining that you are responsible for this server. The letter should be on departmental stationary and be signed by your head of department.
Obtaining Your Certificate§
After your request has been authenticated by your Registration Authority, it is forwarded to the UK e-Science Certification Authority for final creation (this stage is called signing the certificate). Signing is normally done on the same or next working day.
When your certificate is ready the CA will e-mail you using the e-mail address that you provided with details of how to download your certificate. If you used the recommend method to request it, then you can download it into the Certificate Wizard application using the Refresh button.
You should now make a backup of your certificate using the Export button in the Certificate Wizard application.