Registration Authorities (RA)¶
What is an RA?¶
When applying for a certificate, it is a requirement to prove your identity to the Certification Authority (CA) by presenting a valid photo id in person. This involves a face-to-face meeting with a member of the CA who will check your id and take a copy of it.
A Registration Authority (RA) is an institution (e.g. a university) authorised by the UK eScience CA to check user’s identities and to approve requests for digital certificates. By having RAs located around the UK, users don’t need to travel long distances to have the face-to-face meeting.
When you request a certificate, you need to visit your closest RA, who will check your id and approve your request so the CA can issue your certificate.
Creating a new RA¶
If you want to host an RA in your institution, you will need to contact the helpdesk where we will guide you through the following steps.
Choosing a name for the RA¶
The name of the RA has two parts, the Organisational Unit (OU) and the Location (L). The OU is the institution hosting the RA. It should be the longest form of the institution name such as “www.institution-name.ac.uk” . So, for example, if you want to create an RA for the University of Datchworth and your website is “www.datchworth.ac.uk”, then your OU should be OU=Datchworth.
The L is the department where the RA Manager and Operators work, for example L=Physics or L=ITServices.
Appointing an RA Manager¶
The RA Manager must be a paid employee of the Department and Institution where the RA is located. (S)he will be responsible for appointing RA Operators and making sure that the RA operates according to the CA regulations (CP/CPS).
To appoint an RA Manager, the head of the Department hosting the RA needs to send the RA Manager appointment letter by post to the CA. Please remember to include the letterhead of your institution and to replace all the relevant fields with your information. The letter must be signed by the Head of the Department.
Once the letter is received by the CA, the new RA can be created in the system.
Appointing one or more RA Operators¶
An RA must have one RA Manager and one or more RA Operators (the same person can be both Manager and Operator). The RA Operators are responsible for dealing with the certificate requests.
Four steps are required for becoming an RA Operator.
Obtain a UK eScience certificate. To carry out the RA Operator duties, a digital certificate belonging to the RA you are an RA Op of is required.
Sit an Online RA Training Course and then pass the test at the end.
The RA Manager should post an RA Operator letter of appointment: this is very similar to the RA Manager appointment letter. It needs to be signed both by the RA Manager and by the appointed RA Operator. One letter must be used for each different RA Operator. If the RA Manager and the RA Operator are the same person please use the self-appointed RA Operator letter.
The UK eScience CA Service Manager will then promote your certificate to be an RA one
Once all the steps are completed, the RA will be set up and ready to deal with user’s requests.