WebSubmit Frequently Asked Questions

Outline

  • General
  • What do I need to use WebSubmit?
    What systems can I access using WebSubmit?
    Is there anything special I need to do to access my remote accounts?
  • Certificates
  • What is a digital certificate?
    What is a Certificate Authority (CA)?
    Why do I need a certificate to use WebSubmit?
    How do I get a WebSubmit certificate?
    How do I load a certificate into my browser?
    On what machines can I use a browser with my new certificate?
    What if I want to use my certificate from multiple machines?
    How can I look at my certificate information?
    Who do I contact if I have problems with my certificate?
  • Accessing WebSubmit
  • How do I access WebSubmit if I have a certificate?
    I get an error message about not being registered yet.  Is this normal?
    Should I accept the WebSubmit server's site certificate?
    I can't seem to access any remote systems.  What is the problem?
  • Help
  • What kind of help is available on WebSubmit?
    Who can I contact if I have questions that I can't find answers to in this FAQ or in the help?



     

    General

    What do I need to use WebSubmit?

    What systems are currently connected to WebSubmit at NIST?
    As of 11.16.98, WebSubmit provides facilities to access the following systems:


    Is there anything special I need to do to access my remote accounts?
    You need a special file in the home directory of each account you access.  This file is called .shosts, and should contain the single line

    websubmit.nist.gov nobody
    and should have permissions set so that only you can read and write this file (i.e., 600 or -rw-------).  This file is needed to give WebSubmit permission to execute commands in your account.
     
     


     

    Certificates

    What is a digital certificate?
    A digital certificate is basically a container for a public key that has been signed by a trusted third-party (a Certificate Authority).  This third-party, by its signature, is simply vouching for your identity.  The public key contained in your certificate allows you to connect to the WebSubmit secure server, verify your identity, and enter into an encrypted session, where all information passing between your browser and the WebSubmit server is encrypted for privacy.
     

    What is a Certificate Authority (CA)?
     A Certificate Authority is a trusted third-party used to issue a digital certificate.  The CA digitally signs each certificate with its own identity, thereby vouching for the identity of the user represented by the certificate.  In this way, servers can trust the CA without having to trust each individual user explicitly.  A user is trusted by virtue of their certificate signed by the trusted authority.  In the world of public key cryptography, CAs are an essential means for distributing public keys in a manner such that they can be trusted.


    Why do I need a certificate to use WebSubmit?
    WebSubmit uses your digital certificate to establish your identity with certainty.  Even if someone steals your certificate and attempts to masquerade as you, they will be unable to use your accounts if they don't also possess the private key generated and encrypted by your browser.  Once your identity has been established, your login name(s) on remote systems can be determined, and you can use these systems via WebSubmit application modules.  By virute of the public key in your certificate, access to these systems is encrypted and secure, and provides better security than telnet.


    How do I get a WebSubmit certificate?
    Each WebSubmit site has its own Certificate Authority used to issue certificates to users.  If you are an NIST user, you can use your browser to request a certificate through http://webservices.nist.gov/pki.  The CA contained at this site will issue your certificate, allowing it to be loaded into your browser for use with WebSubmit.


    How do I load a certificate into my browser?
    The CA should have provided instructions for how to load your certificate into your browser.   The two main techniques are to load the certificate from your hard disk, and to load your certificate via the Web using a special URL provided by the CA.  At NIST, certificates are typically distributed by diskette.


    On what machines can I use the browser with my new Certificate?
    Your certificate is stored in the HOME directory on the machine on which it was loaded.  If your HOME directory is shared across multiple machines, then you can use your certificate on all machines that share this directory.  If your HOME directory is not shared, then you can only use your certificate by running a browser on the machine where the certificate was loaded.  See the following question on how to share your certificate across multiple machines if this needs to be done.


    What if I want to use my certificate from multiple machines?


    How can I look at my certificate information?
     


    Who do I contact if I have problems with my certificate?
    You basically have two resources you can use to get questions answered regarding your certificate: the CA that issued the certificate, or the WebSubmit administrator.  The CA is probably the best resource as a first try, since they are more familiar with the varieties of browsers available and the types of problems that may occur.  If they can't offer any guidance, give the WebSubmit administrator a try by clicking on the Email link in the first page you accessed when trying to use WebSubmit.
     
     



     

    Accessing WebSubmit

    How do I access WebSubmit if I have a certificate?
    If you have already loaded your personal certificate into your browser, then you can simply click on the link Access Secure Server from the Main WebSubmit page.   Alternatively, you can use the same URL you used to access the insecure version of WebSubmit, but substitute https for http!!


    I get an error message about not being registered yet.  Is this normal?
    Yes.  The first time you attempt to access the secure server, the WebSubmit administrator is sent a message regarding your request.  After verifying that you have permission to use the system, you are added to the system and notified via email.  Once you have been notified via email, accessing the secure server (https://...) should yield the secure WebSubmit page with all available application modules.  If it does not, then please contact the WebSubmit administrator.


    Should I accept the WebSubmit server's site certificate into my browser?
    Yes.  The first time you access the secure server it may ask you about accepting the WebSubmit server's certificate into your browser.  This is perfectly normal, and you can go ahead and accept the server's certificate.


    I can't seem to access any remote systems.  What is the problem?
    Before you can access any remote systems, recall that you need to set up a .shosts file for each system you wish to access (assuming they have separate home directories).
     



     

    Help

    What kind of help is available on WebSubmit?
    In the link bar on the left side of the screen, there is a Help link that will bring up some HTML documentation about the basic operation of WebSubmit and about the individual application modules.  Within many individual application modules, there are hyperlinks for individual elements in the application.  Clicking on these links will bring up the relevant information in the Help Desk frame at the bottom of your browser.


    Who can I contact if I have questions that aren't in this FAQ or in the Help?
    Contact the WebSubmit administrator via email.  There should be an email link (a small envelope) in the link bar on the left side of the WebSubmit pages.  Click this link and then compose your mail, stating your question and/or the problems you encountered as clearly as possible.