To become fully operational, a Grid Node is also required to be a Certification Authority (CA), which issues digital certificates to users and hosts for using grid resources in a secure environment.
PK-Grid-CA is a Certification Authority managed by NCP which provides X.509 certificates to support the secure environment in grid computing. It issues User and Host Certificates to people and sites participating in grid computing in collaboration/partnership with NCP.
The PK-Grid-CA Certification Authority operates under the European Grid Policy Management Authority (EU-GRID-PMA).
The effort in this regard started in October 2003. NCP produced the first Certificate Policy and Certification Practice Statement (CP-CPS) document in December 2003, which was reviewed by several members of the EU-GRID-PMA. After several revisions and useful comments and suggestions by the PMA members, the final version of the CP-CPS document was published in April 2004.
The details about the current and all previous versions of the PK-Grid-CA CP-CPS documents produced/published by NCP can be found at:
The NCP Certification Authority PK-GRID-CA was officially presented at the 2nd meeting of the EU-Grid-PMA, held in Brussels, Belgium on September 23-24, 2004. Mr. Usman Ahmad Malik from NCP presented the CA, and it was formally approved and accredited by the EU-Grid-PMA as a Certification Authority. The details of the meeting can be found at:
PK-Grid-CA has been in operation since then. It was the first and only Certification Authority in Pakistan at that time.
Events
The EU-Grid-PMA meeting in Warsaw, Poland in May 2005 was attended by Mr. Sajjad Asghar, the PK-Grid-CA Manager.
The EU-Grid-PMA meeting in Karlsruhe, Germany in October 2006 was attended by Mr. Usman Ahmad Malik, the PK-Grid-CA Manager.
The old root key for PK-Grid-CA was expiring on December 9, 2008. Hence no certificate could be signed with it after December 8, 2007. A new 4096-bit key pair, valid until December 2017, has been generated and sent to the PMA, and has hence been distributed via the International Grid Trust Federation (IGTF) release. All certificate requests are being signed by the new root key.
In December 2007, the PK-Grid-CA team drafted the new CP-CPS (1.1.2.0) based on the structure suggested by RFC 3647. After approval by the NCP management, the new CP-CPS was sent to the EU-Grid-PMA mailing list for approval, and it was subsequently approved by the PMA in its meeting in January 2008.
Mr. Usman Ahmad Malik of the PK-Grid-CA team attended the PMA meeting in May 2008 in Copenhagen, Denmark. There, GPG keys were exchanged with the PMA chair, Dr. David L. Groep, who acts as a trust introducer. Later on, the signed root keys were sent to the TERENA Academic CA Repository (TACAR), a trusted repository which contains verified root-CA certificates. TACAR put both root keys of PK-Grid-CA into its repository after completing some formal procedures.
A self-audit of PK-Grid-CA has been conducted to check compliance of CA operations with the CP-CPS. The audit was conducted according to the "Audit Guidelines Document" provided by the AP-Grid-PMA. The audit report will be published on the NCP website soon.
In January 2009, Mr. Sajjad Asghar, a manager of the PK-GRID-CA team, attended the EU-GRID-PMA meeting in Cyprus. There he presented the first audit report of PK-GRID-CA. He was also nominated as a member of the IGTF-RAT (Risk Assessment Team) in the same meeting.
Based upon the feedback on the audit report presented in Cyprus, the CP-CPS has been modified to version CP-CPS (1.1.3.0). The new CP-CPS (1.1.3.0) has then been sent to the EU-GRID-PMA for refereeing of the incorporated changes.
PK-Grid-CA Managers:
Usman Ahmad Malik
Sajjad Asghar
So far, 175 digital certificates, which include user and host certificates, have been issued to NCP, PAEC-I, PAEC-III, COMSATS and NUST. The details are as follows:
Certificates Record
User Certificates Issued: 101
Host Certificates Issued: 74
Total Issued: 175
Certificates Expired: 95
Certificates Revoked: 35
Current Active Certificates: 45
An online portal is available for requesting user and host certificates. You can request a digital certificate online at:
A list of revoked certificates is maintained on a regular basis for the relying parties, so that they can check the validity of the certificate they are going to trust. This Certificate Revocation List (CRL) contains the serial numbers of all the certificates that should no longer be trusted. The CRL is issued every twenty-three days or right after a certificate revocation.
The latest copy of the PK-GRID-CA CRL can be fetched from: