Grid certificates

What are grid certificates?
Through the AusCERT CS, we are able to supply IGTF-accredited grid server and grid end user certificates, which are publicly trusted.

QuoVadis is accredited through the EUGridPMA to supply grid certificates, which have special fields that are relevant to grid resources. They are not for general use.

How do I order grid host (server) certificates?
Grid host certificates are just another type of SSL certificate. The process for ordering a grid host server certificate is the same as for other SSL certificates. Administrators can invite Subscribers to apply for grid server certificates. The certificate request must then be approved by one of the Sub-LRA Administrators from the Subscriber's organisation before the certificate will be issued. Grid server certificates are only available to organisations that have advised AusCERT that they require grid server certificates and that can see the Grid Policy Template called "AusCERT Grid Server" in the list of available SSL policy templates.

If this policy template is not available in your TrustLink account and you need it, please contact

For further details of the process to obtain grid server (SSL) certificates refer to Appendix 1, page 22 of the QV Subscriber Guide.

How do I order grid personal (end user) certificates?
Before a grid end user certificate can be issued, the applicant must have a face-to-face meeting with the Agent Administrator for their organisation (the Sub-LRA). The purpose of the face-to-face meeting is to enable the Agent Administrator to verify that the applicant's identity documents match the person applying for the grid end user certificate. Specific details of the steps are outlined in the Handling Instructions on the Grid End User Certificate Application Form, which must also be completed before the Agent Administrator facilitates access to the end user certificate. Once the Agent Administrator and applicant have completed the form and had their face-to-face meeting, the Agent Administrator logs into TrustLink, clicks on the "Invite End User" link, and creates an invitation that is sent to the end user, allowing them to apply for a grid end user certificate. Once this invitation has been sent, no further approval is required by the Administrator, and the end user will be issued the certificate once they have completed a few more details in TrustLink.

What volume limits apply to grid certificates?
Please refer to the volume limits listed. If you are a local administrator for TrustLink and need more, contact AusCERT.

I am an Administrator in TrustLink and also require a grid end user certificate. Who should do my face-to-face interview?
You should get another administrator to verify your identity following the process above before obtaining your end-user certificate.

Does QV support SHA1 grid certificates?
All QV grid certificates are now SHA256 (SHA2). Where applicable to your organisation, the SHA1 grid certificate policies have been disabled for your organisation's TrustLink account and the new SHA2 grid certificate policies have been enabled. QuoVadis has advised that all Grid Resources are now SHA256 compatible and therefore, you should no longer need the SHA1 grid certificates.

Where can I find out more about QV grid certificates?
Refer to the QV CP/CPS for Root CA and Root CA3, available from the QV Repository. See also details about the root and intermediate certificates that apply to grid certificates.

Where is the key generated when I use the browser key generation option to request a certificate?
The keys are generated client-side through the Trust/Link portal, so they are generated in your browser. When you receive your invitation, you click on a link which takes you to a webpage where you input your email and answer a 'secret question'. You then go to a second webpage where you see the details that will go in the certificate and create a certificate password. When you click 'confirm' on this page, the key generation takes place in your browser. You then get a second email and follow a link to the download page, where the certificate is auto-installed into your browser after you input the password that you created in the previous step. The certificate is matched with the private key, which is already in your browser.