You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Next »


  • When Geant provisions the Trusted Certificate Service to an NREN, an NREN 'division' is created. Simultaneously, a first administrator for the NREN division is invited by the DigiCert service. The NREN division just serves as a container for the subdivisions of its customers. It doesn't do much more. As soon as the NREN decides that a Subscriber (like University X) can start using the service, the NREN creates a sub-divisions for that Subscriber. Such a subscriber division is intended for a single legal entity (like a foundation, inc). Within a subsciber division, its administrator creates one or more organisation names (like 'SURFnet B.V.) belonging to the legal entity, as well as domains (like surfnet.nl). By introducing organisations and domains, the subscriber applies for validation by the DigiCert Validation department. Preferably first get your organisation name validated and only when that is done start with domains.

  • Some NREN customers consists of more than one legal entity, for example when an academic hospital is another legal entity than its university. In that case the customer should apply for a separate division. So one customer can have more than one division.

  • For most customers, SURFnet is validated by one organization sufficient. There are organizations that have very recognizable separate units under one legal entity. This is not meant faculties; Units that are Organisational. A few examples are the institutes of FOM (FOM, Differ, Nikhef and AMOLF) and the Foundation VU-VUmc (VU University and VU University Medical Center). You can try validating more in such cases Organizations by DigiCert. If in doubt, just contact us in advance with scs-ra@surfnet.nl.

  • Another reason for more that an organization wanting within a Division = entity is the existence of more than one common name or abbreviation. That will be accepted by DigiCert Validation as for example at the Chamber of Commerce more of those names have been registered (eg 'Tilburg University' as an alias of 'Tilburg University).

  • You can hang one domain to more than one of your organizations (already in testing there too troublesome bugs discovered).

  • For the users of TCS Comodo service eScience Personal Portal (as Atomic and Molecular Physics, LUMC, Nikhef, Groningen, University of Amsterdam, VU and WUR) enjoy a special reason to look for when choosing the Organization name. It is explained below by David Group. As one of the participants referred to SURFcertificaten still happy with the spelling of their name mentioned below, use it exactly the same. If a different spelling is preferred, then validate that the first, and then add a second Organisation increases with the eScience spelling (in 7-bit ASCII).Give eScience grid certificates only from among the eScience Organisation name.
     

  • The name of an organization's (pre) validated by DigiCert certificates before you can get for it. The name is based on data provided by the administrator. It has Specifically important That the NAME of the organization is EXACTLY the SAME as the particular tat was set in the Comodo service in the Confusa eScience Personal portal (s) --including the same capitalization.

    schacHomeOrg
    O =
    surfnet.nlSURFnet BV
    lumc.nlLeiden University Medical Center

    amc.nl

    		Academic Medical Center, University of Amsterdam
    wur.nlWageningen University and Research
    nikhef.nlNikhef
    maastrichtuniversity.nlMaastricht University
    sara.nlFoundation Academic Computing Centre Amsterdam
    vu.nlVU University Amsterdam

    tudelft.nl

    		Delft University of Technology
    rug.nlUniversity of Groningen
    eur.nlErasmus University Rotterdam
    tue.nlEindhoven University of Technology
    uva.nlUniversity of Amsterdam
    amolf.nlAMOLF
    terena.orgTERENA



  • Immediately after entering the Organization would you also for the types of certificates you want to be validated: Open the organization and click the 'submit for validation' button. All five (Organization Validated, eScience Grid, Extended Validation, Code Signing, Document Signing) enter at once is most useful, unless you described has entered a special eScience Organisation name above; you give eScience Grid course only to those referred Organisation for eScience.

  • After an Organization validated go there for the SSL certificates and associate Grid domains to. Ask only domain validation for domains that you own is the legal holder. You want to be well known by DigiCert; therefore verify yourself beforehand who the holder, for example in the whois:
  • For most domains you just want Organization Validated (OV) and Grid certificates aavragen. For your main domain, which you present yourself to the world that you will want to use Extended Validation. You want EV certainly not available to obscure units within your organization that is not present on behalf of your organization on the web. You would not let EV use by people who have the legal texts, especially the TCS Terms of Use do not want to read. You want to problems does not get into a fight with American liability parties.

  • Domain validation is currently in principle valid for 36 months; so there is no Domain Control Validation mail per certificate. That's very nice for instance spam filtering SURFcertificaten participants is rather yuck.

  • DigiCert does the one-time validation DCV with a burst mail to (part of) the infamous 7 adressenvan the domain admin, administrator, hostmaster, postmaster, webmaster, whois technical contact and WHOIS administrative contact. There are still opportunities to arrange DCV DNS records.
  • No labels