
This is for administrators at SUNET TCS members for the 2020- "Sectigo generation" of the SUNET TCS service.

For the 2015-2020 "DigiCert generation" of the SUNET TCS Service, please see SUNET TCS 2015-2020 FAQ for administrators. End users, please see SUNET TCS documentation at your organization.

Getting help

Help from SUNET TCS

Email tcs@sunet.se after making sure that this document does not contain the answer to your question or a solution to your problem.

Help from Sectigo Support

If instructed by SUNET TCS or this document, contact Sectigo Support using https://sectigo.com/support-ticket with your support question/problem. Unless instructed otherwise, select "SCM Support" as the reason for the ticket. In the description, include a line saying "We are a SUNET member of the GEANT TCS service, using the https://cert-manager.com/customer/sunet SCM instance."

Sectigo Documentation

Sectigo documentation can be found at https://support.sectigo.com/Com_KnowledgeProductPage?c=Sectigo_Certificate_Manager_SCM

Some highlights:

  • "SCM - Sectigo® Certificate Manager Quick Start Guide" is a short introduction to the SCM system
  • "SCM - Sectigo Certificate Manager Administrator's Guide" is the much longer, detailed description
  • "SCM - Sectigo Certificate Manager REST API" describes the REST API

Differences from the DigiCert generation 2015-2020

New vendor, new web interface

Sectigo is the new vendor for TCS instead of DigiCert. We are using their Sectigo Certificate Manager (SCM) instead of DigiCert CertCentral. The rest of this section describes the most important changes you need to understand.

No "division" objects in the new system

There is no concept of divisions in SCM as there was in DigiCert CertCentral.

  • SUNET TCS has an instance of SCM at https://cert-manager.com/customer/sunet which is used by all SUNET TCS administrators (at your level and at the SUNET "superuser" level) but not by GEANT TCS members from other countries.
  • At the SUNET level, we cannot just create a division for a SUNET TCS member and ask you to create an organization object yourselves with all relevant information, as you did in CertCentral. We have to create an Organization in the system to be able to add you. See below for more practical information on how you join.
  • If you need to validate another organization (due to the need to have something different in the O= field of the certificates), that new organization will be "at the same level" as your original organization and there is no division that contains them. You will have access to both organizations because we/you will add the same admins for both organizations.

No "User level users"

In DigiCert CertCentral, there were two basic kinds of users: "Administrators", who could order/approve certificates, change settings and do other admin level stuff, and "Users", who could only request certificates (but who were nevertheless authenticated by logging into CertCentral just like the Administrators).

In the SCM, there are basically only Administrator level users. In fact, the SCM does not talk about users, it talks about admins. That means that you cannot have users logging in to the SCM who can only request certificates. See below under "SSL certificates" for solutions to this.
