A CILogon-enabled Application is a program that can download a certificate from https://cilogon.org/ using an Activation Code.
To use a CILogon-enabled application:
- Open https://cilogon.org/?skin=code in a web browser and log on.
- Click the Get New Activation Code button shown at https://cilogon.org/.
- Highlight and copy the Activation Code (for example: acb7b5c63931067c3c6340c5b2b2e72f) displayed at https://cilogon.org/.
- Paste the Activation Code when prompted by the CILogon-enabled application.
The Get New Activation Code functionality is an optional capability that is enabled when you visit https://cilogon.org/?skin=code. To see all optional capabilities, visit https://cilogon.org/?skin=all. To revert to the default CILogon interface, visit https://cilogon.org/?skin=default. To request a customized "skin" for your applications, please contact us at firstname.lastname@example.org.
An example CILogon-enabled application is available at https://cilogon.org/gridshib-ca/gridshibca-client.py. It is a relatively simple script written in the Python language. The following command-line example demonstrates its use:
$ python gridshibca-client.py
Please enter your Activation Code: <--- paste the Activation Code here
Using GridShib CA server at https://cilogon.org//gridshib-ca//GridShibCA.cgi
Generating private keys and certificate request.
Credential written to /tmp/x509up_u501
CILogon-enabled applications implement the GridShib-CA Credential Retriever Protocol. It must:
- Generate a 2048-bit RSA private key.
- Create a PEM-encoded PKCS10 certificate request containing the corresponding RSA public key.
- Submit an HTTP POST request to https://cilogon.org//gridshib-ca//GridShibCA.cgi containing the certificate request and the Activation Code.
- Read the response to the HTTP POST containing the PEM-encoded signed X.509 certificate.