...
| Membership category | NRENS in category |
| 1 | IS, BG, LV, MT, ME, MK, MD, AM |
| 2 | BY, LU, LT, EE, RS, AL, LB, CY, GE |
| 3 | SI, HR, MA, OM, SK, AZ |
| 4 | CZ, HU, RO, IE |
| 5 | DK, GR, FI, PT, IL |
| 6 | NL, CH, BE, SE, TR, AT, PL, NO |
| 7 | ES |
| 8 | DE, UK, FR, IT |
Q: What
...
are the Support Hours for Sectigo?
Sectigo staffs and operates 4 support centres globally in North America (Ottawa, Canada and Salt Lake City, Utah), United Kingdom (Manchester) and India (Chennai) respectively. Ticketing, telephone and chat
NRENs will be able to use the DigiCert platform and issue certificates up to and including the 30th April 2020. After this date, it will be possible to revoke certificates but not add new organisations or issue certificates.
Q: Will it be possible to migrate data to Sectigo?
Yes, you can either:
- Use the "csv" option in the DigiCert interface to pull out organisational data and we can share this with Sectigo.
- use the DigiCert API to pull out data.
Q: Is State mandatory for Sectigo?
For now, State is mandatory and the European users are advised to out the city as the state and the validation team will correct anything that is wrong.
However, Sectigo is working on implementing the change per your concerns (to make State field not mandatory). No ETA at this time, but they have it as a High priority in their backlog.
Q: What are the Support Hours for Sectigo?
Sectigo staffs and operates 4 support centres globally in North America (Ottawa, Canada and Salt Lake City, Utah), United Kingdom (Manchester) and India (Chennai) respectively. Ticketing, telephone and chat service is available 365x7x24 in the English language, with multiple language capability available from our North American facility (Ottawa, Canada).
...
IdP must release the following information for Authentication certificates:
| displayName | urn:oid:2.16.840.1.113730.3.1.241 | Johnny Doe | USED for CN for Authentication certs. | ||||
| cn | urn:oid:2.5.4.3 | John Doe | fallback for CN for Authentication certs. | ||||
| sn | urn:oid:2.5.4.4 | Doe | fallback for CN for Authentication certs. required for email signing certs (used for CN). | ||||
| givenName | urn:oid:2.5.4.42 | John | fallback for CN for Authentication certs. required for email signing certs (used for CN). | ||||
urn:oid:0.9.2342.19200300.100.1.3 | johndoe@example.edu | yesrequired | |||||
eduPersonPrincipalName | urn:oid:1.3.6.1.4.1.5923.1.1.1.6 | jd@example.edu | yesrequired | ||||
eduPersonEntitlement | urn:oid:1.3.6.1.4.1.5923.1.1.1.7 | urn:mace:terena.org:tcs:personal-user | yes | schacHomeOrganization | urn:oid:1.3.6.1.4.1.25178.1.2.9 | example.edu | required |
schacHomeOrganization | requiredyes |
Q: What is needed to validate an organisation?
The rules for validation are set by the CA/B Forum. The rules are as follows:
If the Subject Identity Information is to include the name or address of an organization, the CA SHALL verify the identity and address of the organization and that the address is the Applicant’s address of existence or operation. The CA SHALL verify the identity and address of the Applicant using documentation provided by, or through communication with, at least one of the following:
- A government agency in the jurisdiction of the Applicant’s legal creation, existence, or recognition;
- A third party database that is periodically updated and considered a Reliable Data Source;
- A site visit by the CA or a third party who is acting as an agent for the CA; or
- An Attestation Letter.
...
set by the CA/B Forum. The rules are as follows:
If the Subject Identity Information is to include the name or address of an organization, the CA SHALL verify the identity and address of the organization and that the address is the Applicant’s address of existence or operation. The CA SHALL verify the identity and address of the Applicant using documentation provided by, or through communication with, at least one of the following:
- A government agency in the jurisdiction of the Applicant’s legal creation, existence, or recognition;
- A third party database that is periodically updated and considered a Reliable Data Source;
- A site visit by the CA or a third party who is acting as an agent for the CA; or
- An Attestation Letter.
The CA MAY use the same documentation or communication described in 1 through 4 above to verify both the Applicant’s identity and address. Alternatively, the CA MAY verify the address of the Applicant (but not the identity of the Applicant) using a utility bill, bank statement, credit card statement, government-issued tax document, or other form of identification that the CA determines to be reliable.
For S/MIME certificates, the CA/B forum requires:
- Formal name of the Legal Entity;
- A registered Assumed Name for the Legal Entity (if included in the Subject);
- An organizational unit of the Legal Entity (if included in the Subject);
- An address of the Legal Entity (if included in the Subject);
- Jurisdiction of Incorporation or Registration of the Legal Entity; and
- Unique identifier and type of identifier for the Legal Entity.
Q: Where can I find maintenance and status information for the service?
...