It is assumed that the reader knows, basically, what a certificate authority (CA) is. This document describes the usage of CA's in the Extreme Lab.
A X509 certificate (and thus a CA) is required for using the Globus Toolkit. This certificate forms the basis by which security is implemented in the Globus Toolkit. Both users and resources on the grid need to have their own certificates. Initially, the Globus organization ran a CA and issued certificates. They now plan to discontinue this service and will do so by the end of 2003. Since all of our certificates were based on this CA, we needed to find a new CA.
As it has turned out, we now have a hybrid approach. We currently use the NCSA CA for our user certificates. We also have a locally installed CA that we use for issuing host/server certificates. There are several advantages and disadvantages to running one's own CA, which will be explored in section 2.4. But, for now at least, it seems to be a workable solution. We may decide in the near future, however, to use the NCSA CA for our host certificates as well.