Versions Compared


  • My Division: here you find naming data about your NREN if you use an NREN account, and about your subscriber if you are logged into a subscriber account. You can update the naming and upload your logo. The information here is mainly descriptive. The much more important naming of organisations is handled in Validation.

  • Divisions: an NREN administrator can create and manage new subscriber divisions. From here you can also inactivate a division that you no longer want to remain valid, for example when a subscriber ceases to exist or terminates its contract with an NREN.
  • Users: from here administrators can create new users and manage the existing ones. New users receive an email from DigiCert with a link to the page where they set their own password and data. Note that all administrators can approve or reject certificate requests and revocation requests.

Under Account, you will find the following topics

  • My Division shows how SURFnet set up your data. Please do not change the descriptive text. The Division is on the legal entity (for example, the Catholic University of Brabant); the Organization name (for example, Tilburg University) is discussed under Validation. If you have a good and not too large logo, upload it in My Division.

    Please do not make use of the following without consulting scs-ra@surfnet.nl:

  • Guest URLs, through which anyone with such a URL can apply for certificates to administrators; this is very risky

  • API keys, which are required only if you want to program outside the portal.
    Under Authentication Settings, the Two-Factor Authentication (2FA) settings can be adjusted. Personal client certificates and One Time Passwords à la Google Authenticator are available. The functionality was added in February 2015. In early March it does not work for non-administrator users. For admins, Google Authenticator and specially created DigiCert personal certificates work. The advice is to turn on 2FA per person, not for the division at once, let alone for the whole account. That way you do not inadvertently exclude all admins at once if you make a mistake ...
    In "Users", an administrator can create an account for other people; they receive a mail from DigiCert with which they set their own password and similar data.
    All administrator accounts can approve or reject certificate requests. User accounts can only submit requests. Your own administrators (not those of SURFnet) receive an email alert and are able to handle the request.
  • If a user should be allowed to handle Extended Validation (EV) SSL certificates, make sure that both the fields Phone (phone number) and Title (function name) are correctly filled; such a user can then be nominated for validation by DigiCert for handling Extended Validation SSL certificates. If either field is empty, the user cannot do EV work.
  • The regular procedure to validate such a user for EV includes a phone call from DigiCert Validation from Utah. This call goes to the formal number of the institution (usually the telephone exchange) and from there commonly on to the Human Resources department, for example: "do you have an employee named van der Harst who works as a Product Manager?" DigiCert Validation will ask for confirmation that there is indeed an employee with that name who works under that Title. Make sure that the function name you provide is the correct one.
  • Suggestions: Give somebody an administrator account only if they are a trusted expert. Give EV admin rights to as few people as possible. Make sure that the click-through 'TCS Terms of Use' has been thoroughly read by everybody. You do not want to end up in a liability fight with American organizations.
  • Requesting EV validation for an administrator (the nomination of an EV Administrator) is done from the main menu, under Validation:

  • Validation → Organizations → Manage → Submit for Validation.
  • We strongly recommend not making use of:

    • Guest URLs that anyone can use to issue certificates. Any form of check is completely bypassed when using Guest URLs. 

    • API keys unless you want to program your own interface.

  • Under Authentication Settings you can enable two-factor authentication (2FA) for login. Both client certificates and One Time Passwords (OTP) are available. Refer to the DigiCert Two-Factor Authentication section in the user guide (Documentation section in this wiki) for more info. Switch on 2FA per individual user, one by one, not for your entire division or entire account. That way, if one admin locks himself out of the service, another admin can solve the problem. You can select '30 day' caching of a two-factor authentication for the computer you log in from. If its IP address changes or its cookies are lost, you need to re-authenticate.
