...

Logged in as an administrator, use Certificates → Orders and select the certificate. You will find buttons for downloading, reissuing and revoking the certificate.

Personal certficates

Can we

...

isue personal certficates to our users?

The TCS eScience Personal Certificate Policy requires conformance with the Euro GRID PMA policy. SWAMID Identity Assurance Profile 2 fulfills the requirements to request personal certificates. Both the organisation and the user needs to fulfill the requirements for SWAMID AL2. If you want to check if your organisation is approved for SWAMID AL2 please cheon the SWAMID members page.

How do we configure our SAML WebSSO Identity Provider to work with the DigiCert Portal?

SWAMID has published one Wiki page in Swedish with information on how to configure Shibbooleth IdP for TCS Personal (eScience) Personliga certifikat i Sunet TCS. If you use ADFS or another Identity Provider software you could use that wiki page as an template.

How do we enable our users to login to the personal certficate portal?

The user that sets up the configuration for your organisation Identity Provider login need to be an administrator for you organization.

In the administrative console for DigiCert choose the menu SAML Organization Mapping and click the button "+ New Mapping". In the form that opens up choose you home organization Identity Provider, your correlalting home organization name and the domain name that your Identity Provider sends in the attribute schacHomeOrganization, normaly your top DNS.name, e.g. uu.se for Uppsala University. To save click the button "Add Organization" and now everything should work. Go to the DigiCert SAML portal choose your Identity Provider and test to login. Please note that you have configure your Identity Provider correctly and your user must have the right entitlement before you login.

Customizing

Can we limit the certificate types our users can order?

...