Versions Compared

Old Version 15

changes.mady.by.user Kent Engström

Saved on

compared with

New Version 16

changes.mady.by.user Kent Engström

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

A user cannot approve their own requests, regardless of privileges in the system. You need to have one user request a certificate and another user (with the Enterprise Approver role) approve it.

Different certificate offerings

...

  • Have the person who will become the first Enterprise Admin for your organization to go https://cm.harica.gr and sign up to create a user. That person should be one who has been a RAO in the Sectigo CM and you should use the same email address as before if at all possible. The email address should belong to your main domain.
    • 2025-1001-0111: The name fields do not accept characters like "åäö" or "-". Do your best without this until we get this fixed.
    • 2025-01-10-01: Sign up for a new account. Do not yet try the the Academic Login option to login using your SWAMID user. We will tell you when that option is working properly.
  • This user must also enable two-factor authentication (TOTP) using the profile page (available from the menu in the top right corner where your name is displayed, then under Two-Factor Authentication (2FA).

...

  • Organization name (official, the value you will get in the O attribute of the certificate)
  • Locality (the value you will get in the L attribute of the certificate)
  • Your main domain (you will be able to add additional domains later)
  • Organization number ("organisationsnummer")
  • A function email alias suitable for receiving notifications from HARICA (such as pending requests, expiring validations etc). 2025-01-10-01: This is mandatory for now. Later, you will be able to choose to instead have these emails sent to all Enterprise Admins
  • Email for the first Enterprise Admin of your organization, as created above.

...

2025-01-10: We ask you to wait with this. You can still issue server certificates DV and email-only S/MIME-certificates. If you need OV, contact tcs@sunet.se. We will provide further instructions here when we and HARICA are ready for everybody to be organization validated.

Administrators

As an Enterprise Admin you can elevate additional users to have more privileged roles than normal users (who can just request certificates). First:

  • The user must have registered at https://cm.harica.gr. The email address should belong to a domain added to enterprise in the system.
    • 2025-01-13: The name fields do not accept characters like "åäö" or "-". Do your best without this until we get this fixed.
    • 2025-01-13: Sign up for a new account. Do not yet try the the Academic Login option to login using your SWAMID user. We will tell you when that option is working properly.
  • The user must also enable two-factor authentication (TOTP) using the profile page (available from the menu in the top right corner where the name is displayed, then under Two-Factor Authentication (2FA).

Then, as enterprise admin, go to Enterprise → Admin and select the Users tab close to the top (between Enterprises and Certificates). Select the appropriate user from the list presented (which will include all users with emails under your domains). In the pane shown, select the Account info pane. You can select to additional roles for the user:

  • Enterprise Admin, which will give this user the same role you have (manage domains, validations, users etc)
  • Enterprise Approver, which will allow this user to approve certificate requests.
    • You can select SSL (server certificate) and S/MIME separately.

You also need to use Manage Groups to add your enterprise name to the Validator groups for the user, and use the Save button.

2025-10: This section will be added soon-13: If the choices you make does to seem to "take" when you look at the Account info again, exit the Users pane for something else and go back and check again. The information should now be correct.

Requesting certificates

Server certificates

...