Fermilab Computing Sector
Computing Sector Banner

Sorting out certificates- upcoming changes to various CAs 

From Computing Bits, January 29, 2016

Computer Security

One of the themes within our Computing Strategic Plan is that “We will strive to simplify the end-user experience by providing tools, interfaces and mobility applications so that our employees’ work experiences are similar to what they are used to at home.” 

Hello, SSO.

To this end, we have begun to phase out using certificates to authenticate to Web services and applications. For most of these services, certificate access will be replaced by the new single-sign-on (SSO) capability developed by the CCD Authentication Services group. SSO allows you to use your services account to access FermiPoint and other services (and conveniently, enables you to access these services from your mobile devices without having to fumble with certificates).

Sayonara, KCA.

At Fermilab, most services and applications currently require Kerberos Certificate Authority (KCA) certificates.  The KCA will reach end of life in September. The plan is to transition all services that use KCA to SSO authentication well before September. This means that most people (typically, non-scientists) don't need to worry about getting replacement certificates (Scientists should read the upcoming sections).  

Read the full article in Computing Bits

printer friendly
 This page rendered in 0.1587 seconds