WebSubmit Frequently Asked Questions
Outline
General
What do I need to use WebSubmit?
What systems can I access using
WebSubmit?
Is there anything special I need
to do to access my remote accounts?
Certificates
What is a digital certificate?
What is a Certificate Authority (CA)?
Why do I need a certificate to use WebSubmit?
How do I get a WebSubmit certificate?
How do I load a certificate into my browser?
On what machines can I use a browser with my new certificate?
What if I want to use my certificate from multiple machines?
How can I look at my certificate information?
Who do I contact if I have problems with my certificate?
Accessing WebSubmit
How do I access WebSubmit if I have a certificate?
I get an error message about not being registered yet.
Is this normal?
Should I accept the WebSubmit server's site certificate?
I can't seem to access any remote systems. What
is the problem?
Help
What kind of help is available on WebSubmit?
Who can I contact if I have questions that I can't find
answers to in this FAQ or in the help?
General
What do I need
to use WebSubmit?
-
Web Browser:
WebSubmit requires that you have access to a Web browser that supports
128-bit encryption and digital certificates. The US versions of Netscape
4.05+ and Microsoft Internet Explorer 4.0+ provide the necessary functionality.
-
Digital Certificate:
In order to provide secure access to your remote accounts, you need a digital
certificate signed by a valid NIST Certificate Authority
(CA) to be installed in your browser. The following section should
answer any additional questions you may have about certificates.
-
Accounts on one or more Remote Systems:
WebSubmit is setup up to provide you access to your accounts on the remote
systems connected to the cluster. In order to use WebSubmit with
any of these systems, you must have a user account. If you do not
have an account, accounts can be requested by sending mail to acctnew@nist.gov.
What systems
are currently connected to WebSubmit at NIST?
As of 11.16.98, WebSubmit provides facilities
to access the following systems:
-
danube.nist.gov:
37-node IBM SP2 parallel supercomputer
-
arno.nist.gov:
8-CPU SGI Origin 2000
-
amur.nist.gov:
24-CPU SGI Origin 2000
-
rapid.nist.gov:
16-node Linux PC Cluster
Is there
anything special I need to do to access my remote accounts?
You need a special file in the home directory
of each account you access. This file is called .shosts,
and should contain the single line
websubmit.nist.gov
nobody
and should have permissions set so that only you
can read and write this file (i.e., 600
or -rw-------). This file
is needed to give WebSubmit permission to execute commands in your account.
Certificates
What is a digital
certificate?
A digital certificate is basically a container for a public key
that has been signed by a trusted third-party (a Certificate Authority).
This third-party, by its signature, is simply vouching for your identity.
The public key contained in your certificate allows you to connect to the
WebSubmit secure server, verify your identity, and enter into an encrypted
session, where all information passing between your browser and the WebSubmit
server is encrypted for privacy.
What is
a Certificate Authority (CA)?
A Certificate Authority is a trusted third-party used to issue
a digital certificate. The CA digitally signs each certificate with
its own identity, thereby vouching for the identity of the user represented
by the certificate. In this way, servers can trust the CA without
having to trust each individual user explicitly. A user is trusted
by virtue of their certificate signed by the trusted authority. In
the world of public key cryptography, CAs are an essential means for distributing
public keys in a manner such that they can be trusted.
Why do I
need a certificate to use WebSubmit?
WebSubmit uses your digital certificate to establish your identity
with certainty. Even if someone steals your certificate and attempts
to masquerade as you, they will be unable to use your accounts if they
don't also possess the private key generated and encrypted by your browser.
Once your identity has been established, your login name(s) on remote systems
can be determined, and you can use these systems via WebSubmit application
modules. By virute of the public key in your certificate, access
to these systems is encrypted and secure, and provides better security
than telnet.
How do I
get a WebSubmit certificate?
Each WebSubmit site has its own Certificate Authority used to issue
certificates to users. If you are an NIST user, you can use your
browser to request a certificate through http://webservices.nist.gov/pki.
The CA contained at this site will issue your certificate, allowing it
to be loaded into your browser for use with WebSubmit.
How do I
load a certificate into my browser?
The CA should have provided instructions for how to load your certificate
into your browser. The two main techniques are to load the
certificate from your hard disk, and to load your certificate via the Web
using a special URL provided by the CA. At NIST, certificates are
typically distributed by diskette.
-
Loading a Certificate from Floppy Disk (NETSCAPE
4.0x+):
-
Copy the certificate to your hard disk (how this is done depends on what
kind of system you are using).
-
Go to the Communicator Menu at the top of your browser and select Security
Info
-
Within Security Info, follow the Yours link underneath Certificates
-
Click on Import Certificate
-
If you already have certificates loaded, or if you have a Netscape Communicator
password, you should be prompted for this password. Enter it if this
is the case.
-
Select the certificate you stored on disk in Step 1 and Click Ok.
-
The browser will ask you a series of questions about your certificate.
Follow the instructions provided.
-
Once the process is complete, you should see your new certificate appear
when you go to the Yours link underneath Certificates.
-
Loading a Certificate via URL (NETSCAPE
4.0x+):
-
Go to the URL specified by your CA after your certificate has been issued.
-
The browser will ask you a series of questions about your certificate.
Follow the instructions provided.
-
Once the process is complete, you should see your new certificate appear
when you go to the Yours link underneath Certificates.
On what
machines can I use the browser with my new Certificate?
Your certificate is stored in the HOME
directory on the machine on which it was loaded. If your HOME
directory is shared across multiple machines, then you can use your certificate
on all machines that share this directory. If your HOME
directory is not shared, then you can only use your certificate by running
a browser on the machine where the certificate was loaded. See the
following question on how to share your certificate across multiple machines
if this needs to be done.
What if
I want to use my certificate from multiple machines?
-
Netscape 4.0x+
-
Go to Communicator -> Security Info
-> Certificates -> Yours
-
Select the certificate to be used on multiple machines
-
Click Export
-
Enter the password for your Communicator Certificate Database
-
Enter a password to use to encrypt the certificate being exported
-
Select the name of the file in which to store the encrypted certificate
data
-
Copy the selected file to the machine(s) on which you wish to use this
certificate
-
Load the certificate into Netscape on those machines using the procedure
outlined above
-
Microsoft Internet Explorer 4.0+
-
Sorry, No help yet! Try back soon...
How can
I look at my certificate information?
-
Netscape 4.0x+
-
Go to Communicator -> Security Info
-> Certificates -> Yours
-
Select the certificate you wish to view
-
Click View
-
Microsoft Internet Explorer 4.0+
-
Go to View -> Options -> Security ->
Certificates -> Personal
-
Select the certificate you wish to view
-
Click View
Who do I
contact if I have problems with my certificate?
You basically have two resources you can use to get questions answered
regarding your certificate: the CA that issued the certificate,
or the WebSubmit administrator. The CA is probably the best
resource as a first try, since they are more familiar with the varieties
of browsers available and the types of problems that may occur. If
they can't offer any guidance, give the WebSubmit administrator a try by
clicking on the Email link in the first page you accessed when trying to
use WebSubmit.
Accessing WebSubmit
How do I
access WebSubmit if I have a certificate?
If you have already loaded your personal certificate into your browser,
then you can simply click on the link Access Secure Server from
the Main WebSubmit page. Alternatively, you can use the same
URL you used to access the insecure version of WebSubmit, but substitute
https for http!!
I get
an error message about not being registered yet. Is this normal?
Yes. The first time you attempt to access the secure server,
the WebSubmit administrator is sent a message regarding your request.
After verifying that you have permission to use the system, you are added
to the system and notified via email. Once you have been notified
via email, accessing the secure server (https://...)
should yield the secure WebSubmit page with all available application modules.
If it does not, then please contact the WebSubmit administrator.
Should
I accept the WebSubmit server's site certificate into my browser?
Yes. The first time you access the secure server it may ask you
about accepting the WebSubmit server's certificate into your browser.
This is perfectly normal, and you can go ahead and accept the server's
certificate.
I can't
seem to access any remote systems. What is the problem?
Before you can access any remote systems, recall that you need to set
up a .shosts file for each system you wish to access (assuming they
have separate home directories).
Help
What kind of
help is available on WebSubmit?
In the link bar on the left side of the screen, there is a Help link
that will bring up some HTML documentation about the basic operation of
WebSubmit and about the individual application modules. Within many
individual application modules, there are hyperlinks for individual elements
in the application. Clicking on these links will bring up the relevant
information in the Help Desk frame at the bottom of your browser.
Who can
I contact if I have questions that aren't in this FAQ or in the Help?
Contact the WebSubmit administrator via email. There should be
an email link (a small envelope) in the link bar on the left side of the
WebSubmit pages. Click this link and then compose your mail, stating
your question and/or the problems you encountered as clearly as possible.