The main goal of creation of the CA is to provide members of Virtual Organizations such as "Grid Research", "New Generation Vaccines" and other subsequent VO's with X.509 Certificates, which give an ability to participate in Grid projects. In principle, membership in any Virtual Organization for the purpose of getting X.509 Certificate is not compulsory.

Certificate Authority issues and revokes user or host/service certificates. Reason of Certificate revocation may be compromise of Certificate or Certificate lifetime expiration. All information about the revoked certificates are held in Certificate Revocation List (CRL), supported by Certificate Authority as well.

Since "Science & Society" Certification Authority (CA) at present is not available all the information below should be considered as introduction.

Steps for getting X.509 Certificate.

1. Create the Certificate request.

- Using a Globus toolkit grid-cert-request utility:
For a user certificate:
grid-cert-request
For a host certificate:
grid-cert-request -dir <output directory> -cert hostcert.pem -key hostkey.pem -req hostreq.pem -host hostname.domain
For a service certificate:
grid-cert-request -nopw -dir <output directory> -cert cert.pem -key key.pem -req req.pem -cn "service/hostname.domain"

- Using OpenSSL utility:
For a user certificate:
mkdir $HOME/.globus
openssl req -config globus-user-ssl.conf -new -out $HOME/.globus/usercert_request.pem -keyout $HOME/.globus/userkey.pem
chmod 600 $HOME/.globus/userkey.pem
Leave all fields except name with their default values.
For a host or service certificate:
openssl req -config globus-host-ssl.conf -new -nodes -out hostreq.pem -keyout hostkey.pem
chmod 600 hostkey.pem
When prompted for a Name enter hostname.domain for a host certificate or service/hostname.domain for a service certificate. Leave all other fields with thier default values.

2. Send this request to Certification or Registration Authority.