Getting Help

How do we get help with DigiCert portal, validation and certificate issues?

Use the Live Chat function at https://www.digicert.com/. If you cannot get the issue solved that way, contact SUNET TCS.

How do we contact SUNET TCS to get help or to report problems?

Email tcs@sunet.se after making sure that this FAQ list does not contain the answer.

Getting Information

Where do we find the Certificate Practice Statements and related documents?

At https://www.terena.org/activities/tcs/repository-g3/

Where do we find the the SUNET TCS Server Subscriber Agreement (version 2015.1)?

At https://tcs.sunet.se/info/sa-2015.html. As you can see, it contains the required legalese mandated in the model TCS Subscriber Agreement at the GÉANT document repository above.

Where do we find the GÉANT Association home pages for the new TCS?

For the moment, at https://wiki.terena.org/display/TCSNT/Trusted+Certificate+Service+%28new+TCS%29+Home. You will find information about the DigiCert portal there, as well as information learnt during the earlier testing phases.

What is the GÉANT Association?

It is the result of TERENA and DANTE joining forces. That also means that TCS now stands for Trusted Certificate Service, not TERENA Certificate Service. You may still see TERENA using in the certificate names, where it would hurt to change the names.

Where to we find information about SUNET TCS Personal?

FIXME!!!

Starting to Use the New System

We were members of the Comodo generation of SUNET TCS Server. How do we get access to the new system?

Follow the same procedure as those who were not members earlier (see next question).

We were not members of the Comodo generation of SUNET TCS Server. How do we get access to the new system?

Download SUNET TCS Server Subscriber Registration Form (version 3.0). Fill it in and send it (all pages) to the address stated at the end.We will create a division for you in the DigiCert portal. As part of that, your chosen admin contact gets an email from DigiCert and will be able to set his/her password. He/she will become the first administrator for your division. Make sure that person is available to handle the email before you apply.

How do we get the rest of our administrators added?

Your initial administatror can add more administrators using the Add User button under Account → Users. Do not forget to select the Administrator Role.

Gettting Validated

How do we get our organization validated for use?

Use the New Organization button under Certificates → Organizations. We recommend that you use your official Swedish name as Legal name. Do not fill in Assumed name. Use the most senior member of your TCS team as your Validation Contact.

You might want to check that the organization name you request is the one that is used for your organization in databases listing companies, government agencies etc (e.g. credit information sites like www.upplysning.se, ratsit.se, well-known search sites like www.eniro.se, www.hitta.se, etc.)

We recommend that you validate for all certificate types from start.You can read more at the GÉANT TCS Wiki page about Validation.

Can we have more than one organization validated?

Yes, you can. If your university is made up of several legal entities (companies, foundations etc) you might have to register more than one organization. However, you should not create organizations for departments, schools etc that are really part of the same legal entity as the university (or similar) as such.

How do we get our domains validated for use?

Use the Add Domain button under Certificates → Domains. The domain will be registered as belonging to an Organization you already added. Make sure that the domain is registered to that legal entity in the public databases (check with https://www.iis.se/ first for .se domains).You can enter one or more domains for validation while the organization validation is still pending.

What happens during validation?

DigiCert will use public databases and may also make phone calls and send emails to verify the provided information. Make sure that you are available for that the during the day.

Domain validation emails will be sent to a list of addresses based on the domain name (e.g. {admin,administrator,hostmaster,postmaster,webmaster}@yourdomain.se) as well as addresses registered in WHOIS databases. All addresses are used simultaneously, but you only need to act on one of the emails.

Verify that you can receive email to at least one of the fixed addresses above before submitting the domain for validation. As of 2015-04-01, the automatic DigiCert emails are sent from support@digicert.com or admin@digicert.com. Before contacting DigiCert or SUNET about emails not received, please check your spam filters.

What if the validation stalls?

During the test phase, DigiCert has validated our organizations and domains quickly. We expect that to be the case during production too. If the validation stalls with no detectable progress for a couple of hours, use the DigiCert Live Chat (see above) and ask them about the status.

What if they validate the wrong thing?

During the test phase, we have seen instances of DigiCert being "helpful" and changing the organization name when they found something similar to what you asked for, for example validating "University of Whatever Holding AB" instead of "University of Whatever". If that happens to you, use the DigiCert Live Chat (see above) to explain that they have made an error and ask them to correct it at once.

We want grid (e-Science) certificates and have an organization name containing å, ä or ö. Do we need to do something special?

Yes. As name components in grid (e-Science) certificates are not allowed to contain non-ASCII characters, you need to validate an additional organization with a name not containing the non-ASCII characters. For example, if you normal organization is "Linköpings universitet", you should also get "Linkopings universitet".

You should then be able to add the domain or domains you want grid (e-Science) certificates for under the new special organization.

Can we validate more than one administrator for EV?

Yes! Go to Certificates → Organizations and select the right organization. Then click Submit for Validation. In the popup, check "EV" and select the right adminstrator as "EV Verified User". Then click Submit for Validation again.