| Table of Contents |
|---|
INFOSHARE SLIDES
Q = Question. R = Recommendation
Q: Will we still have access to the DigiCert portal after 30th April 2020?
...
We recommend Qualys SSL Server Test which tests this and and a lot of other useful things (most of them related to you server configuration, not the certificates as such). For the chain specifically, look at the "Chain issues" heading where you want to see "None" (if you have trimmed the unnecessary certificates from the chain) or "Contains anchor" (if you have kept the full set).
...
Q: Should I Use
...
OV
...
or Multi-domain OV?
When a TCS member orders a GÉANT OV SSL certificate in Cert Manager for a name, such as mail.sample.example.org, in the Subject Alternative Names, they get a correct entry for DNS:mail.sample.example.org but they also get DNS:www.mail.sample.example.org. I have confirmed this by looking at issued certificates in our SCM instance. We recommend ordering GÉANT OV Multi-Domain for the time being instead of GÉANT OV SSL. This issue has been raised with the supplier.
Q: Are Document Signing Certificates available via Sectigo?
It is currently possible to order Document Signing Certificates on a preconfigured USB token from Sectigo. The token needs to be purchased from Sectigo directly through their retail site (not SCM): https://store.sectigo.com/cart.php?a=add&pid=97. More information on this process is available in this GUIDE.
Q: How Do I Order EV Code Signing Certificates
Similarly to document signing certificates, EV Code Signing Certificates need to be provided on a preconfigured USB token from Sectigo. Only NREN MRAOs can create accounts on this site and order document signing certificates for their members. Sectigo does not have a list of your member organisations and therefore they do not know who is eligible for the TCS service. The token costs 120 USD (discounted price for TCS members only). More information on this process is available in this GUIDE.
Q: How do I create an EV Anchor?
...