Host Certificate Request Process

Please Read the Instructions carefully before applying for the Certificate

Requesting for the certificates, indicate that you accept the Certificate Policy and Certification Practice Statement (CP/CPS) and that you agree to the subscriber Obligations specified in that document.

Note: You must have an User Certificate before applying for the Host Certificate: If you don’t have the user certificate, please Click here.

If you already have the User Certificate, then follow the step by step guide below for requesting a Host certificate.

Step 1. Download the Host Certificate Application Form.

  1. Download and fill up Host certificate application Form: [Download:PDF FormWord Form ]
  2. Click Here to see the sample Host Application Form Filled.

2. Generate Host Certificate request:

  1. Generate therequestlocally as shown below:

Check whether Openssl is already installed in your local machine and the openssl commands are include in the path.

[admin@grid]# export PATH=$OPENSSL_PATH/bin:$PATH

[admin@grid]# openssl version
OpenSSL 0.9.7a Feb 19 2003

Now follow either of the below Options.

Option -1:

  • Download the fileIGCA_Host_Req.tar.gzto a Unix-like machine and decompress this tarball as shown below:

[admin@grid]# tar -xzvf IGCA_Host_Req.tar.gz

  • This will output a bash file IGCA_Host_Req.sh . Give execute permission to this file as shown below:

[admin@grid]# chmod u+x IGCA_Host_Cert_Req.sh

  • Run the file as shown below . You will be prompted for the FQDN(Fully Qualified Domain Name) name of the host for which certificate being requested.  For e.g test.domain.com.

[admin@grid]# ./IGCA_Host_Cert_Req.sh
Enter your FQDN:(You have to enter your correct Fully Qualified Domain Name below)
test.domain.com

Generating a 2048 bit RSA private key
……………………………………………+++
……………………..+++
writing new private key to ‘test.domain.com.hostkey.pem’
—–
Your Host Cert Request is successfully generated.
##########################################
# IGCA request procedure #
##########################################
1) Now you have to complete the host certificate request procedure by uploading the file test.domain.com.hostreq.pem to IGCA
2) Please go to the link https://ca.garudaindia.in/cgi-bin/pub/pki?cmd=pkcs10_req
3) Upload the request file (test.domain.com.hostreq.pem), in the above page
4) Fill in the remaining fields in the page
(a)Organization >>> Your Organization
(b)Telephone >>> Your telephone number
For more details about requesting host certificate please go to //ca.garudaindia.in/index.php/certificate/host-certificate-request-process/

This will generate two files <FQDN>.hostreq.pem and <FQDN>.hostkey.pem

Here <FQDN>.hostreq.pem is the host certificate request and <FQDN>.hostkey.pem is the private key for your certificate request, which you have to store safely.

[admin@grid]# ls

test.domain.com.hostreq.pem test.domain.com.hostkey.pem IGCA_Host_Cert_Req.sh IGCA_Host_Cert_Req.tar.gz

  1. Copy the<FQDN>.hostkey.peminto /etc/grid-security/ directory of the server for which you requested the certificate as hostkey.pem, and change the permissions as shown below:

[admin@grid]# cp test.domain.hostkey.pem /etc/grid-security/hostkey.pem

[admin@grid]# cd /etc/grid-security/

[admin@grid]# chmod 400 hostkey.pem

  1. Upload the <FQDN>.hostreq.pem to IGCA. Click Request Host Certificate

My Certificates -> Request a Certificate -> Server Certificate Request

Option – 2

  1. On any Linux Flavor With openssl Version greater than 0.9.7a, run the below commands, with the parameters of FQDN replaced with your FQDN HostName.

[admin@grid]# openssl req -new -days 365 -sha1 -newkey rsa:2048 -nodes -keyout hostkey.pem -out hostcert_request.pem -subj ‘/DC=IN/DC=GARUDAINDIA/O=C-DAC/OU=CTSF/CN=FQDN’

Note:

  1. Please Do Not Copy and Paste, Instead type the command in Command Line.
  2. Please type ‘-days 365’ as it in the above command. More than 365 will not be accepted.
  3. It generates 2 files (hostkey.pem-Private Key File and hostcert_request.pem-Public Key File).
  4. Copy the hostkey.pem into /etc/grid-security/ directory of the server for which you requested the certificate and change the permissions as:

[admin@grid]# cd /etc/grid-security/

[admin@grid]# chmod 400 hostkey.pem

  1. Then go to the Request Host Certificate and upload the hostcert_request.pem file and with other details same as in the Host Application Form and confirm your Request.

My Certificates -> Request a Certificate -> Server Certificate Request

** Note down the SERIAL no. generated which is unique and enter in the application form provided in the SERIAL No. field. **

  1. Setup an interview with a local Registration Authority (RA)
  2. You need to meet with an IGCA RA to verify your identity.Locate your nearest RA.
  3. Prepare the following document for the interview with the RA.
  4. Filled Host Certificate application form
  5. Photo ID (Passport, PAN Card, work ID or driver’s license).
  6. Complete and submit your application form
  7. Email Scanned copy and application form to: igca@cdac.in.
  8. After sending the fax, an email has to be sent to igca@cdac.in.
  9. Certificate Issued

Once the Certificate is issued, you will receive a mail from igca@cdac.in, notifying the details to downloading your certificate.

Copy the certificate as /etc/grid-security/hostcert.pem.