My Division: you find all the naming data related to your NREN. Here you can also modify them about your NREN if you use an NREN account; and about your subscriber if you are logged into a subscriber account. You can update naming and upload your logo
. The info you find here are is mainly descriptive. The much more important naming of organisations is handled in Validation.
- Divisions: you an NREN administrator can create and manage new subscriber divisions. From here you can also inactive inactivate a division that is you no longer want to remain valid; for example when a subscriber ceases to exist or terminates his contract with an NREN.
- Users: From here administrators can create new users and manage the already existing ones. The new users will receive an email from DigiCert with the link to the page where to set their own password and data.
All administrator accounts Note that all administrators can approve or reject certificate requests and revocation requests. User accounts can only submit requests. The private administrators (not that SURFnet) receive an email alert and able to handle the request.
If the If a username should be allowed to treat Extended Validation SSL certificates make sure that both the fields Phone (phone number) and Title (function name) both are completed then such a user can be nominated by DigiCert (validated) for the treatment of Extended Validation SSL certificates. The procedure requires are correctly filled. If either field is empty, the user cannot do EV work. - The regular procedure to validate such a user for EV includes a phone call from DigiCert Validation from Utah
- . That
- This call goes to your
- the formal number (usually the telephone exchange) and can go from there along HRM / Personnel: "do you have an employee named van der Harst who works as a Product Manager?" Make
- of the Institution and commonly via to Human Resource department). DigiCert Validation will ask confirmation whether there is indeed an employee with that name that works under that Title. Make sure that the function name you provide is the correct one. Give someone
- Suggestions: Give to somebody an administrator account only if it is a trusted expert. Give to as few people as possible EV admin rights. Penetrating the legal requirement that everyone
- Make sure that the click-through 'TCS Terms of Use' has been thoroughly read . You do not want to fight American organizations in a liability end up.
- by everybody. The nomination of an EV Administrator done from the main menu
- Requesting EV validation for an administrator is done from the Validation menu:
Validation → Organizations → Manage → Submit for Validation.
We strongly recommend to not make use of
Guest URLs that anyone can use to issue certificates. Any form of check is completely by passed bypassed when using Guest URLs.
API keys unless you want to write program your own interface.
Under Authentication Settings you can enable the two factors of authentication for login (2FA). Both client certificates and One Time Passwords (OTP) are available. Refer to the DigiCert Two-Factor Authentication section in the user guide in the document section for more info. (Documentation section in this wiki) for more info. Switch on 2FA by individual user, not for your entire division or entire account; and also one by one. So if one admin locks himself out of the service, another admin can solve the problem. You can click '30 day' caching of a two factor authentication for the computer you are logging into. If its IP address changes or cookies get lost you need re-authentication.
