CILogon-enabled Applications

A CILogon-enabled Application is a program that can download a certificate from https://cilogon.org/ using an Activation Code.

To use a CILogon-enabled application:

  1. Open https://cilogon.org/?skin=code in a web browser and log on.
  2. Click the Get New Activation Code button shown at https://cilogon.org/.
  3. Highlight and copy the Activation Code (for example: acb7b5c63931067c3c6340c5b2b2e72f) displayed at https://cilogon.org/.
  4. Paste the Activation Code when prompted by the CILogon-enabled application.

The Get New Activation Code functionality is an optional capability that is enabled when you visit https://cilogon.org/?skin=code. To see all optional capabilities, visit https://cilogon.org/?skin=all. To revert to the default CILogon interface, visit https://cilogon.org/?skin=default. To request a customized "skin" for your applications, please contact us at help@cilogon.org.

Example: gridshibca-client.py

An example CILogon-enabled application is available at https://cilogon.org/gridshib-ca/gridshibca-client.py. It is a relatively simple script written in the Python language. The following command-line example demonstrates its use:

$ wget https://cilogon.org/gridshib-ca/gridshibca-client.py
$ python gridshibca-client.py
Please enter your Activation Code: <--- paste the Activation Code here
Using GridShib CA server at https://cilogon.org//gridshib-ca//GridShibCA.cgi
Generating private keys and certificate request.
Credential written to /tmp/x509up_u501
Success.

Implementation Details

CILogon-enabled applications implement the GridShib-CA Credential Retriever Protocol. An application must:

  • Generate a 2048-bit RSA private key.
  • Create a PEM-encoded PKCS10 certificate request containing the corresponding RSA public key.
  • Submit an HTTP POST request to https://cilogon.org//gridshib-ca//GridShibCA.cgi containing the certificate request and the Activation Code.
  • Read the response to the HTTP POST containing the PEM-encoded signed X.509 certificate.
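
The client side of the four steps above, as an added example (not code from gridshibca-client.py or from CILogon). It shows that only the certificate request and the Activation Code go into the POST body, while the private key stays local and is stored owner-readable only. Assumptions: the third-party Python "cryptography" package is installed, the form field names and the request subject are hypothetical placeholders, and the block builds the request without sending it.

```python
# Added example: builds the request for the steps above; nothing is sent.
import os
import urllib.parse
import urllib.request

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.x509.oid import NameOID

CA_URL = "https://cilogon.org//gridshib-ca//GridShibCA.cgi"  # as printed on this page
# ASSUMPTION: hypothetical form field names, not taken from the protocol.
FIELD_CSR = "certificateRequest"
FIELD_CODE = "activationCode"


def make_key_and_csr():
    """2048-bit RSA key plus a PEM PKCS#10 request for its public key."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    # ASSUMPTION: placeholder subject; the page does not say what the CA expects.
    subject = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "placeholder")])
    builder = x509.CertificateSigningRequestBuilder().subject_name(subject)
    csr = builder.sign(key, hashes.SHA256())
    return key, csr.public_bytes(serialization.Encoding.PEM)


def build_request(csr_pem, activation_code):
    """HTTPS POST carrying the request and the code, never the private key."""
    fields = {FIELD_CSR: csr_pem.decode("ascii"), FIELD_CODE: activation_code.strip()}
    body = urllib.parse.urlencode(fields).encode("ascii")
    return urllib.request.Request(CA_URL, data=body, method="POST")


def write_credential(path, cert_pem, key):
    """Store certificate and key in one file with owner-only permissions."""
    key_pem = key.private_bytes(serialization.Encoding.PEM,
                                serialization.PrivateFormat.TraditionalOpenSSL,
                                serialization.NoEncryption())
    if os.path.lexists(path):
        os.unlink(path)  # remove a stale file or symlink instead of writing through it
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(cert_pem + key_pem)


if __name__ == "__main__":
    key, csr_pem = make_key_and_csr()
    req = build_request(csr_pem, "constructed-activation-code")
    print(req.get_method(), req.full_url, len(req.data), "bytes")
```

Passing the returned request to urllib.request.urlopen() would perform the POST; the response body is then handed to write_credential() together with the key.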