Requests for Host/User certificate procedure

(Timothy Carr) #1

Hi All,

Whats the official procedure to request host/user certificates? We make use of the Sectigo CA which use to be called " Comodo ". Sectigo is not part of the IGTF and therefore the certificates are not trusted or are they? Maybe I am missing something. I suppose what I am asking for is a way to have my host certificates verified for a number of services I plan to commission.

Anyone know the correct procedure? @msalle or David Groep ?

Cheers Tim

(Bruce Becker) #2

@Timothy_Carr you might want to mention that your need isn’t covered by TCS or the Catch-All CA. If I remember correctly, this problem was discussed recently in a similar case where the CA was having problems - @baptiste might recall the details.

(Mischa Salle) #3

Hi @Timothy_Carr,

if you need a CA that is trusted both by your ‘native’ OS and is in IGTF, you have very little choice. This was one of the main motivations for the TERENA eScience SSL CA for host certs.

Depending on your scenario, either ‘native OS’ or ‘IGTF’ could be sufficient. For example are your services also contacted by grid services or only by endusers?

If you really need a CA supporting both, perhaps someone else could request the TCS cert for you (that depends on where and how they are running I guess). I’m not the expert on the Catch-All CA, so I don’t know whether that’s supported by both browsers and is in IGTF.