Versions Compared

Old Version 81

changes.mady.by.user Kent Engström

Saved on

compared with

New Version 82

changes.mady.by.user Kent Engström

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

We recommend that you use the STAGING environment for testing basic attribute release, user creation/login etc as that database is not shared with the production environment so you will not interfere with existing users. When it works there, you can enable it for PRODUCTION as well.

Certificate

...

chains

Server Certificates

If you do not have specific demands to support older devices and operating systems that have not got trust stores updates since 2021, we recommend that you only serve the GEANT TLS RSA 1 intermediate certificate as a chain certificate (or the GEANT TLS ECC 1 version if you have an ECC certificate). The full details of the chains follow below.

RSA server certificates (DV, OV, grid)

Your server certificate is signed by

CN=GEANT TLS RSA 1, O=Hellenic Academic and Research Institutions CA, C=GR
(CA https://crt.sh/?caid=390054, certificate https://crt.sh/?id=16099180997)

which is signed by

CN=HARICA TLS RSA Root CA 2021, O=Hellenic Academic and Research Institutions CA, C=GR
(CA https://crt.sh/?caid=202184)

which should be in the browser/OS/etc trust stores as a self-signed CA certificate (https://crt.sh/?id=4147041876), but is also available as an intermediate CA certificate (https://crt.sh/?id=5191324706) signed by

CN=Hellenic Academic and Research Institutions RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR
(CA https://crt.sh/?caid=14566)

which should be in the browser/OS/etc trust stores on older devices.

ECC server certificates (DV, OV, grid)

Your server certificate is signed by

CN=GEANT TLS ECC 1,O=Hellenic Academic and Research Institutions CA,C=GR
(CA https://crt.sh/?caid=390050, certificate https://crt.sh/?id=16099180990)

which is signed by

CN=HARICA TLS ECC Root CA 2021, O=Hellenic Academic and Research Institutions CA, C=GR
(CA https://crt.sh/?caid=202185)

which should be in the browser/OS/etc trust stores as a self-signed CA certificate (https://crt.sh/?id=4147045948), but is also available as
an intermediate CA certificate (https://crt.sh/?id=5191324707) signed by

CN=Hellenic Academic and Research Institutions ECC RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR
https://crt.sh/?caid=14546

which should be in the browser/OS/etc trust stores on older devices2025-01-15: Certificates are still issued with HARICA's existing intermediates, not the custom TCS intermediates that will be used in the future. We will add more information here when the TCS intermediates are in place.