Managing Host Certificates
Dorian: Administrators Guide | Developers Guide | Users Guide | caGrid: Documentation Guides
The GAARDS UI provides a mechanism for viewing and updating host certificates. To view a host certificate using the GAARDS UI, please complete the following steps:
- Perform a Host Certificate Search.
- Select the host certificate you wish to view and click the View Host Certificate button.
This will launch the Host Certificate Window for the host certificate you selected. The Host Certificate Window contains two tabs; (1) Summary and (2) Auditing. The Summary tab contains information about the host certificate and actions that can be performed by administrators on the host certificate. The following table provides details on the information contained in the Summary tab:
Attribute
|
Description
|
Record Id
|
The unique identifier assigned to the record by Dorian.
|
Host
|
The host name of the host that the certificate is for.
|
Owner
|
The identity of the user whom is the owner for the host certificate. |
Status
|
The status of the host certificate. |
Strength
|
The strength the host certificate.
|
Host Grid Identity
|
The Grid Identity of the Host.
|
Subject
|
The distinguished name of the host certificate.
|
Starts
|
The date the host certificate was issued.
|
Expires
|
The date the host certificate expired.
|
|
Host Certificate
|
|
|
|
|
The action available to administrators in the host certificate window will depend on the status of the host certificate. For example if the status of the host certificate is Pending, then an action allowing the Approval of the certificate. In general the following actions can be executed by administrator from the Summary Tab: (1) Review Host Certificate, (2) Update Host Certificate, and (3) Renew Host Certificate. Each of these action will be covered in detail below.
For security purposes and to give administrators insight on an individual host certificate record, Dorian maintains a list of auditing information for each host certificate. The Audit tab allow administrators to search for audit records pertaining to the selected host certificate, for additional detail on this see below.
Review a Host Certificate
Host credentials that require administrative review are assigned a status of Pending. It is up to Dorian administrators to decide whether or not to approve a certificate request based on the policy defined for their deployment. Host certificates can reviewed in the Host Certificate Window in the GAARDS UI. To approve a host credential request, click the Approve Certificate button. To reject a host credential request, select Rejected from the Status drop down and click the Update Certificate button. Once the request is reviewed, the details of the host certificate record will be immediately updated.
Update a Host Certificate
A host credential's status and owner may be modified by a Dorian administrator so long at the current status of the host credential is not Compromised. Host certificates can be updated in the host certificate window for a given certificate. To update a host certificate make the desired changes (owner or status) and click the Update Certificate button.
Renew a Host Certificate
When Dorian issues host credentials it issues them for the amount of time specified in the Dorian configuration. After that time the host credentials will expire and must be renewed by a Dorian administrator. Host certificates can be renewed in the host certificate window for a give host certificate, by clicking the Renew Certificate button.
Auditing
|
For security purposes and to give administrators insight on host certificates, Dorian maintains a list of auditing information for each host certificate. The following is a list of auditing information maintained for each host certificate:
Audit Information
|
Description
|
HostCertificateRequested
|
Documents when and by whom the host certificate was requested.
|
HostCertificateApproved
|
Documents when and by whom the host certificate was approved.
|
HostCertificateUpdated
|
Documents when, what, and by whom the host certificate was updated.
|
HostCertificateRenewed
|
Documents when and by whom the host certificate was renewed.
|
The GAARDS UI allows Dorian administrators to search the auditing information for a given host certificate based the following search criteria:
| Criteria |
Description |
| Reporting Party |
The identity of the party that performed or reported the action. |
Audit Type
|
The type of auditing information, please consult the table above for different types.
|
Start Date
|
The start of a date/time range of when the even occurred.
|
End Date
|
The end of a date/time range of when the even occurred. |
Message
|
Search the content of the Audit Message.
|
Using the GAARDS UI, administrators can search the auditing information by completing the following steps:
- In the host certificate window for a given host certificate, select the Audit tab.
- Enter you search criteria, please consult the table above. If no search criteria is specified all audit records for the user will be returned.
- Click the Search button.
When the search has completed, the audit records meeting your search criteria will be displayed in the table below the Search button. To view the complete details of a specific audit record, select that record in the table and click the View button. This will launch a window containing the complete details of the audit record you selected.
|
Auditing
|
|
|
|
Audit Record
|
|
|
|
|
Administration
