...

  • Edit your organization object and set "Secondary Organization Name" to the name used in grid certificates (with åäö transcribed correctly to ASCII if needed, and with the same upper/lowercase conventions that you have used before with DigiCert). Please check existing certificates if you are unsure or, as a last resort, ask us at SUNET TCS to help you check. Because grid certificate subjects are used as "usernames" in systems, it is vital that the whole subject string is kept as it was before for your users.
  • Email tcs@sunet.se about this so that we can ask for a validation of the secondary name, as you cannot perform this step yourself.
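
One way to check the subject-continuity requirement above is to compare a user's previous subject string with the one on the newly issued certificate and report which attribute differs and how. This is an added example, not part of the SUNET instructions; the function names and sample subjects are constructed, and it assumes subjects written in the slash-separated form used on this page.

```python
import re

# Split before each "/TYPE=" so that a "/" inside a value does not start a new RDN.
_RDN_START = re.compile(r"/(?=[A-Za-z][A-Za-z0-9.]*=)")


def parse_dn(dn):
    """Parse a slash-separated subject ("/C=SE/O=...") into (type, value) pairs."""
    parts = _RDN_START.split(dn)
    if parts[0] != "" or len(parts) < 2:
        raise ValueError("not a slash-separated subject: %r" % dn)
    return [tuple(p.split("=", 1)) for p in parts[1:]]


def compare_subjects(old, new):
    """Return (attribute, kind, old_value, new_value) findings; [] means identical."""
    if old == new:
        return []
    a, b = parse_dn(old), parse_dn(new)
    # A missing, extra or reordered attribute changes the whole "username".
    if [t for t, _ in a] != [t for t, _ in b]:
        return [("*", "structure", old, new)]
    findings = []
    for (attr, x), (_, y) in zip(a, b):
        if x == y:
            continue
        if not y.isascii():
            kind = "non-ascii"   # for example åäö left untranscribed
        elif x.casefold() == y.casefold():
            kind = "case"        # upper/lowercase convention changed
        elif x.split() == y.split():
            kind = "whitespace"
        else:
            kind = "changed"
        findings.append((attr, kind, x, y))
    return findings


# Constructed sample subjects (not real users or organizations).
OLD = "/C=SE/O=Exempel hogskola/CN=Asa Ostberg asa@example.org"
SAMPLES = {
    "same": OLD,
    "case": "/C=SE/O=Exempel Hogskola/CN=Asa Ostberg asa@example.org",
    "non-ascii": "/C=SE/O=Exempel högskola/CN=Asa Ostberg asa@example.org",
}

if __name__ == "__main__":
    for label, subject in SAMPLES.items():
        print(label, compare_subjects(OLD, subject) or "OK: subject unchanged")
```

Any finding on the O attribute means the "Secondary Organization Name" does not match what was used before.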

Configuring your relying servers

For the "normal" client certificates, you should not need to configure anything.

For the grid/IGTF certificates, make sure that your servers have an up-to-date IGTF Trust Anchor Distribution that includes trust for "/C=NL/O=GEANT Vereniging/CN=GEANT eScience Personal CA 4" (found, for example, in the ca_GEANTeSciencePersonalCA4-1.105-1.noarch.rpm or newer RPM package).

Using the portal

The instructions here are geared towards certificate-aware RAOs. You may need to expand on this when providing instructions for your end users, for example by showing them where to import certificates in your supported web browsers, etc.

...

We recommend Qualys SSL Server Test, which tests this and a lot of other useful things (most of them related to your server configuration, not the certificates as such). For the chain specifically, look at the "Chain issues" heading, where you want to see "None" (if you have trimmed the unnecessary certificates from the chain) or "Contains anchor" (if you have kept the full set).