Versions Compared

Old Version 2

changes.mady.by.user Kent Engström

Saved on

compared with

New Version 3

changes.mady.by.user Kent Engström

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Email tcs@sunet.se after making sure that this FAQ list does not contain the answer.

Getting Information

Where do we find the Certificate Practice Statements and related documents?

...

Where to we find information about SUNET TCS Personal?

FIXME!!!

Starting to Use the New System

We were members of the Comodo generation of SUNET TCS Server. How do we get access to the new system?

Follow the same procedure as those who were not members earlier (see next question).

We were not members of the Comodo generation of SUNET TCS Server. How do we get access to the new system?

Download SUNET TCS Server Subscriber Registration Form (version 3.0). Fill it in and send it (all pages) to the address stated at the end.We will create a division for you in the DigiCert portal. As part of that, your chosen admin contact gets an email from DigiCert and will be able to set his/her password. He/she will become the first administrator for your division. Make sure that person is available to handle the email before you apply.

How do we get the rest of our administrators added?

Your initial administatror can add more administrators using the Add User button under Account → Users. Do not forget to select the Administrator Role.

Gettting Validated

How do we get our organization validated for use?

Use the New Organization button under Certificates → Organizations. We recommend that you use your official Swedish name as Legal name. Do not fill in Assumed name. Use the most senior member of your TCS team as your Validation Contact.

You might want to check that the organization name you request is the one that is used for your organization in databases listing companies, government agencies etc (e.g. credit information sites like www.upplysning.seratsit.se, well-known search sites like www.eniro.sewww.hitta.se, etc.)

We recommend that you validate for all certificate types from start.You can read more at the GÉANT TCS Wiki page about Validation.

Can we have more than one organization validated?

Yes, you can. If your university is made up of several legal entities (companies, foundations etc) you might have to register more than one organization. However, you should not create organizations for departments, schools etc that are really part of the same legal entity as the university (or similar) as such.

How do we get our domains validated for use?

Use the Add Domain button under Certificates → Domains. The domain will be registered as belonging to an Organization you already added. Make sure that the domain is registered to that legal entity in the public databases (check with https://www.iis.se/ first for .se domains).You can enter one or more domains for validation while the organization validation is still pending.

What happens during validation?

DigiCert will use public databases and may also make phone calls and send emails to verify the provided information. Make sure that you are available for that the during the day.

Domain validation emails will be sent to a list of addresses based on the domain name (e.g. {admin,administrator,hostmaster,postmaster,webmaster}@yourdomain.se) as well as addresses registered in WHOIS databases. All addresses are used simultaneously, but you only need to act on one of the emails.

Verify that you can receive email to at least one of the fixed addresses above before submitting the domain for validation. As of 2015-04-01, the automatic DigiCert emails are sent from support@digicert.com or admin@digicert.com. Before contacting DigiCert or SUNET about emails not received, please check your spam filters.

What if the validation stalls?

During the test phase, DigiCert has validated our organizations and domains quickly. We expect that to be the case during production too. If the validation stalls with no detectable progress for a couple of hours, use the DigiCert Live Chat (see above) and ask them about the status.

What if they validate the wrong thing?

During the test phase, we have seen instances of DigiCert being "helpful" and changing the organization name when they found something similar to what you asked for, for example validating "University of Whatever Holding AB" instead of "University of Whatever". If that happens to you, use the DigiCert Live Chat (see above) to explain that they have made an error and ask them to correct it at once.

We want grid (e-Science) certificates and have an organization name containing å, ä or ö. Do we need to do something special?

Yes. As name components in grid (e-Science) certificates are not allowed to contain non-ASCII characters, you need to validate an additional organization with a name not containing the non-ASCII characters. For example, if you normal organization is "Linköpings universitet", you should also get "Linkopings universitet".

You should then be able to add the domain or domains you want grid (e-Science) certificates for under the new special organization.

Can we validate more than one administrator for EV?

Yes! Go to Certificates → Organizations and select the right organization. Then click Submit for Validation. In the popup, check "EV" and select the right adminstrator as "EV Verified User". Then click Submit for Validation again.