@@ -35,6 +35,9 @@ In order to authorize a Collaborator to utilize the allocated resources, the PI
1. Provide list of people, including himself, who are authorized to use the resources allocated to the project. The list must include full name, e-mail and affiliation. Provide usernames as well, if collaborator login access already exists on the IT4I systems.
1. Include "Authorization to IT4Innovations" into the subject line.
!!! warning
Should the above information be provided by e-mail, the e-mail **must be** digitally signed. Read more on [digital signatures](/#the-certificates-for-digital-signatures) below.
Example (except the subject line which must be in English, you may use Czech or Slovak language for communication with us):
```bash
...
...
@@ -53,8 +56,6 @@ Example (except the subject line which must be in English, you may use Czech or
(Digitally signed)
```
Should the above information be provided by e-mail, the e-mail **must be** digitally signed. Read more on [digital signatures](obtaining-login-credentials/#the-certificates-for-digital-signatures) below.
## Login Credentials
Once authorized by PI, every person (PI or Collaborator) wishing to access the clusters, should contact the [IT4I support](https://support.it4i.cz/rt/)(E-mail:[support\[at\]it4i.cz](mailto:support@it4i.cz)) providing following information:
...
...
@@ -66,6 +67,9 @@ Once authorized by PI, every person (PI or Collaborator) wishing to access the c
1. Your preferred username, max 8 characters long. The preferred username must associate your surname and name or be otherwise derived from it. Only alphanumeric sequences, dash and underscore signs are allowed.
1. In case you choose [Alternative way to personal certificate](obtaining-login-credentials/#alternative-way-of-getting-personal-certificate), a **scan of photo ID** (personal ID or passport or driver license) is required
!!! warning
Should the above information be provided by e-mail, the e-mail **must be** digitally signed. Read more on [digital signatures](/#the-certificates-for-digital-signatures) below.
Example (except the subject line which must be in English, you may use Czech or Slovak language for communication with us):
```bash
...
...
@@ -84,14 +88,6 @@ Example (except the subject line which must be in English, you may use Czech or
(Digitally signed)
```
Should the above information be provided by e-mail, the e-mail **must be** digitally signed. To sign an e-mail, you need digital certificate. Read more on [digital signatures](obtaining-login-credentials/#the-certificates-for-digital-signatures) below.
Digital signature allows us to confirm your identity in remote electronic communication and provides an encrypted channel to exchange sensitive information such as login credentials. After receiving your signed e-mail with the requested information, we will send you your login credentials (user name, key, passphrase and password) to access the IT4I systems.
We accept certificates issued by any widely respected certification authority.
For various reasons we do not accept PGP keys.** Please, use only X.509 PKI certificates for communication with us.**
You will receive your personal login credentials by protected e-mail. The login credentials include:
1. username
...
...
@@ -118,29 +114,35 @@ Change password in [your user profile](https://extranet.it4i.cz/user/).
We accept personal certificates issued by any widely respected certification authority (CA). This includes certificates by CAs organized in [International Grid Trust Federation](http://www.igtf.net/), its European branch [EUGridPMA](https://www.eugridpma.org/) and its member organizations, e.g. the [CESNET certification authority](https://tcs.cesnet.cz). The Czech _"Qualified certificate" (Kvalifikovaný certifikát)_ provided by [PostSignum](http://www.postsignum.cz/) or [I.CA](http://www.ica.cz/Kvalifikovany-certifikat.aspx), that is used in electronic contact with Czech authorities is accepted as well.
Certificate generation process is well-described here:
Certificate generation process for academic purposes, utilizing the CESNET certification authority, is well-described here:
*[How to generate a personal TCS certificate in Mozilla Firefox web browser (in Czech)](http://idoc.vsb.cz/xwiki/wiki/infra/view/uzivatel/moz-cert-gen)
If you are not able to obtain certificate from any of the respected certification authorities, please follow the Alternative Way bellow.
A FAQ about certificates can be found here: [Certificates FAQ](certificates-faq/).
## Alternative Way to Personal Certificate
Follow these steps **only** if you can not obtain your certificate in a standard way. In case you choose this procedure, please attach a **scan of photo ID** (personal ID or passport or drivers license) when applying for [login credentials](obtaining-login-credentials/#the-login-credentials).
* Go to [CAcert](www.cacert.org).
* If there's a security warning, just acknowledge it.
* Click _Join_.
* Fill in the form and submit it by the _Next_ button.
* Type in the e-mail address which you use for communication with us.
* Don't forget your chosen _Pass Phrase_.
* You will receive an e-mail verification link. Follow it.
* After verifying, go to the CAcert's homepage and login using _Password Login_.
* Go to _Client Certificates_ _New_.
* Tick _Add_ for your e-mail address and click the _Next_ button.
* Click the _Create Certificate Request_ button.
* You'll be redirected to a page from where you can download/install your certificate.
* Simultaneously you'll get an e-mail with a link to the certificate.
Follow these steps **only** if you can not obtain your certificate in a standard way. In case you choose this procedure, please attach a **scan of photo ID** (personal ID or passport or drivers license) when applying for login credentials.
!!! warning
Please use Firefox (clone) for following steps. Other browsers, like Chrome, are not compatible.
* Go to [COMODO Application for Secure Email Certificate](secure.comodo.com/products/frontpage?area=SecureEmailCertificate).
* Fill in the form, accept the Subscriber Agreement and submit it by the _Next_ button.
* Type in the e-mail address, which you intend to use for communication with us.
* Don't forget your chosen _Revocation password_.
* You will receive an e-mail with link to collect your certificate. Be sure to open the link in the same browser, in which you submited the application.
* Your browser should notify you, that the certificate has been correctly installed in it. Now you will need to save it as a file.
* Now in Firefox navigate to _Options > Advanced > Certificates > View Certificates_.
* In the _Your Certificates_ tab, find the fresh certificate with today's date.
* Select it and hit the _Backup..._ button
* Standard save dialog should appear, where you can choose tha name of your certificate file for your easy identification in the future.
* You will be prompted to choose a passphrase for yor new certificate. This passphrase will be needed for installation into your favourite email client.
!!! note
Certificate file now can be installed into your email client. Web-based email interfaces cannot be used for secure communication, exterall application, such as Thunderbird or Outlook must be used (instructions bellow).
## Installation of the Certificate Into Your Mail Client
...
...
@@ -153,7 +155,7 @@ MS Outlook 2010
Mozilla Thudnerbird
*[Installing an SMIME certificate](http://kb.mozillazine.org/Installing_an_SMIME_certificate)
*[Installing an SMIME certificate](https://support.globalsign.com/customer/portal/articles/1214955-install-certificate---mozilla-thunderbird)
*[Importing a PKCS #12 certificate (in Czech)](http://idoc.vsb.cz/xwiki/wiki/infra/view/uzivatel/moz-cert-imp)
