
Personal certificates within Sunet TCS Personal are primarily used for mail (S/MIME) or to log in to GRID systems. Unlike Sunet TCS server and code signing certificates, it is the user who will use the certificate who requests it, via a self-service web service. There is thus no intermediary between the user and the certificate service in this case.

The user is identified via a SWAMID federation login to a web-based tool, in much the same way as the login to SUNET's e-meeting service works. An important difference is that this service has higher and more specific requirements for how the user is identified by the home organisation.

Sunet TCS Personal requirements on the home organisation identity processes

  • The home organisation, e.g. the university, must be approved for SWAMID AL2.
  • The user that will request a personal certificate must fulfil proofing and authentication requirements for SWAMID AL2.

Organisations that were approved for Sunet TCS Personal earlier than the year 2016 have a transition period until the end of 2017 before the requirement for SWAMID AL2 applies. Before SWAMID AL2 was defined there was a special identification process with valid ID documents for Sunet TCS Personal.

Sunet TCS Personal requirements on certificate revocation

If a person is suspended from his or her user account, e.g. on termination of employment, the Sunet TCS member is required to ensure that any certificates issued to the person are revoked.

This can be done manually by an administrator in the same web interface that is used to issue the certificates. There is also an API that can be used to revoke certificates automatically.

Technical requirements on the home organisation Identity Provider

The TCS Personal Certificate Service is delivered via a special web portal, the DigiCert SAML portal.

An identity provider signals that a user fulfils the requirements for being issued personal certificates (see the section on requirements on the home organisation identity processes above) by setting a value for the attribute eduPersonEntitlement at each login to the web service. This value may only be set for users who fulfil the requirements for SWAMID AL2.

TCS Service    URL                             SP entityID                     eduPersonEntitlement
TCS Personal   https://www.digicert.com/sso/   https://www.digicert.com/sso/   urn:mace:terena.org:tcs:personal-user
                                                                               urn:mace:terena.org:tcs:escience-user

For help in Swedish on how to configure Shibboleth IdP look at the SWAMID Wiki page "Personliga certifikat i Sunet TCS".
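As an added illustration (not configuration from this page, SWAMID or DigiCert), the two Shibboleth IdP fragments below show one way to meet the requirement above: eduPersonEntitlement is only populated for users whose assurance level is AL2, and the attribute is only released to the DigiCert SP entityID from the table. It assumes the IdP already resolves an eduPersonAssurance attribute carrying the SWAMID AL2 assurance URI; that URI, the attribute definition id and the policy id are assumptions for the example and should be replaced with your organisation's own values. Shibboleth IdP v3/v4 syntax is used.

```xml
<!-- attribute-resolver.xml fragment (example, not from the page).
     Derives eduPersonEntitlement from an existing eduPersonAssurance attribute
     so that the TCS value is never emitted for users below SWAMID AL2. -->
<AttributeDefinition id="eduPersonEntitlement" xsi:type="ScriptedAttribute">
    <!-- Assumes an attribute definition with id="eduPersonAssurance" already exists -->
    <InputAttributeDefinition ref="eduPersonAssurance"/>
    <Script><![CDATA[
        // Assumed SWAMID AL2 assurance URI; verify against the current SWAMID policy.
        var al2 = "http://www.swamid.se/policy/assurance/al2";
        if (typeof eduPersonAssurance != "undefined" && eduPersonAssurance != null) {
            var values = eduPersonAssurance.getValues();
            for (var i = 0; i < values.size(); i++) {
                if (al2.equals(values.get(i).getValue())) {
                    // Value from the table on this page; set only for AL2 users.
                    eduPersonEntitlement.addValue("urn:mace:terena.org:tcs:personal-user");
                }
            }
        }
        // urn:mace:terena.org:tcs:escience-user (GRID users) would be added by a
        // separate organisational rule; it is deliberately not derived here.
    ]]></Script>
</AttributeDefinition>

<!-- attribute-filter.xml fragment (example, not from the page).
     Releases only the two TCS entitlement values, and only to the DigiCert SP. -->
<AttributeFilterPolicy id="releaseToSunetTCSPersonal">
    <PolicyRequirementRule xsi:type="Requester" value="https://www.digicert.com/sso/"/>
    <AttributeRule attributeID="eduPersonEntitlement">
        <PermitValueRule xsi:type="OR">
            <Rule xsi:type="Value" value="urn:mace:terena.org:tcs:personal-user"/>
            <Rule xsi:type="Value" value="urn:mace:terena.org:tcs:escience-user"/>
        </PermitValueRule>
    </AttributeRule>
</AttributeFilterPolicy>
```

The filter is the least-privilege half: even if the resolver emits other entitlement values for a user, only the two TCS values reach the DigiCert SP, and nothing is released to other requesters by this policy. The resolver is the AL2 gate: if eduPersonAssurance does not carry the AL2 value, the attribute is simply empty and the portal cannot issue a certificate.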
