12-16 April 2010
Uppsala University
Europe/Stockholm timezone

jGridstart: request, obtain, and install grid user certificates in a friendly way

Apr 12, 2010, 5:03 PM
Aula (Uppsala University)


Uppsala University

Poster Support services and tools for user communities Poster session


Willem van Engen (Nikhef)


The use of X.509 certificates gives flexibility in authentication and authorisation on the grid. The associated key is usually stored on the user's computer. While this is good practice from a security standpoint, managing keys and certificates is far from trivial. jGridstart attempts to bridge this gap by providing a friendly user-interface to guide the user in requesting, renewing, and installing user certificates. It is currently in use at the DutchGrid certification authority.

Detailed analysis

Grid applications running on the user's desktop typically use Globus certificates to obtain access to the grid. In addition to this, the certificate needs to be present in the user's web browser to access online grid services. One of the first experiences with the grid are often the generation of a private key and certificate signing request,
submission of the request to the certificate authority, downloading the certificate, and installing it into the web browser. This generally involves file-manipulation and invocation of command-line utilities (openssl), which can be quite daunting to less seasoned grid users.

To make requesting and managing grid certificates straightforward even for new users, jGridstart has been developed with the following things in mind: (1) Friendly user-interface that detects the current state of affairs, and presents sensible options to the user; (2) Easy deployment using Java web start, which enables low-level system access; (3) Single application (3.5MB) that has no external dependencies, apart from Java.

jGridstart takes care of the whole cycle from new request, retrieval, installation into the Globus certificate store and web browser, to renewal.


A user-friendly interface for managing grid certificates lowers the entry barrier for grid users on the desktop. Less time and effort is needed to get started with the grid (certificate requests), and to remain an active grid user (certificate renewals). jGridstart also makes the grid more accessible for less technical disciplines, where the command-line may be unknown altogether.

Conclusions and Future Work

jGridstart is currently tailored towards the DutchGrid certificate authority's request process, and some work needs to be done to easily support other procedures as well.

The current approach is a single program that covers all aspects, providing a consistent user-interface. It would be beneficial to be able to use an adaptable web portal as user-interface, with jGridstart just covering the portions that require low-level system access.

URL for further information http://jgridstart.nikhef.nl/
Keywords x509 certificate ca grid user interface usability ui java client

Primary author

Presentation materials