...

For the grid/IGTF certificates, make sure that your servers have an up-to-date IGTF Trust Anchor Distribution that includes trust for "/C=NL/O=GEANT Vereniging/CN=GEANT eScience Personal CA 4" (for example found in the ca_GEANTeSciencePersonalCA4-1.105-1.noarch.rpm or newer RPM package). From September 2023,  you also need "C=NL, O=GEANT Vereniging, CN=GEANT TCS Authentication RSA CA 4B" (and the corresponding ECC version) and its root "O=Research and Education Trust, CN=Research and Education Trust RSA Root CA" (and its corresponding ECC version).

Revalidating your organisation

After the change at the beginning of September 2023, your organisation needs to be revalidated to be able to issue "GÉANT Personal email signing and encryption" certificates. Send an email to tcs@sunet.se with the subject "Validering" followed by your organization name so we can take care of this for you. If you try to do it yourselves you may accidentally lose the ability to issue server certificates while the validation is ongoing.

Using the portal

The instructions here are geared towards certificate-aware RAOs. You may need to expand on this when providing instructions for your end users, for example by showing them where to import certificates in your supported web browsers, etc.

...