This short guide may help you understand which certificate types are available to you via Sectigo.

TypeExplanationOrder Process
GÉANT OV Certificates

Standard SSL certificates offering verified to Organisation Validation level.  These can be multi-domain.

Order via your cert manager portal (https://cert-manager.com/customer/<YOURNREN>) or set up an enrollment form for users.

These can also be ordered via ACME.

GÉANT EV CertificatesStandard SSL certificates offering verified to Extended Validation level.  These can be multi-domain.

Order via your cert manager portal (https://cert-manager.com/customer/<YOURNREN>) or set up an enrollment form for users. 

These can also be ordered via ACME. 

Wildcard CertificatesThese all multiple sub-domains to be covered by one certificate.  Note, these are only available as OV, it is impossibe to have an EV wildcard certificate.

Order via your cert manager portal (https://cert-manager.com/customer/<YOURNREN>) or set up an enrollment form for users. 

These can also be ordered via ACME. 

GÉANT IGTF MultidomainThese are eScience Server Certificates that specifically met the requirements for eScience use cases set out by the IGTF.


Order via your cert manager portal (https://cert-manager.com/customer/<YOURNREN>) or set up an enrollment form for users.

ACME profiles are not currently available for these certificate types.

GÉANT Organisation email signingThese can be used to allow S/MIME for non-personal email accounts.   Cannot be ordered via SAML as group accounts should not have SAML credentials.

Order via invite to the relevant email address in your cert manager instance: https://cert-manager.com/customer/<YOURNREN>.

GÉANT Personal email signing and encryptionThis is for all typical S/MIME use cases where a person needs to sign and encrypt email.  Validation of the individual must be HIGH.  Can ONLY be ordered via SAML as this helps us achieve the required user validation level.Order via the SAML portal, this can be accessed at: https://cert-manager.com/customer/<YOURNREN>/idp/clientgeant/
Document Signing CertificatesAllows secure signing of pdfs and other appropriate document formats.  Please note that normal S/MIME certificates should never be used for document signing purposes.It is currently possible to order Document Signing Certificates on a preconfigured USB token from Sectigo.  These can be ordered here: https://www.sectigo.com/ssl-certificates-tls/document-signing-certificates.  Participants can use the following discount code which will only charge you for the token and not the certificate itself: QQY1XB49V9. 
OV Code Signing CertificatesAllows developers to digitally sign applications, drivers, executables and software programs as a way for end-users to verify that the code they receive has not been altered or compromised by a third party.To order an OV Code Signing certificate on a device configured by Sectigo please order at https://www.sectigo.com/ssl-certificates-tls/code-signing and use discount code 2GE8AFN0T1. 
EV Code Signing CertificatesAllows developers to digitally sign applications, drivers, executables and software programs as a way for end-users to verify that the code they receive has not been altered or compromised by a third party.Similarly to document signing certificates, EV Code Signing Certificates need to be provided on a preconfigured USB token from Sectigo.  These can be ordered here: https://www.sectigo.com/ssl-certificates-tls/code-signing using discount code: 3GE5YPN6T8. 
GÉANT Personal Automated AuthenticationProvides secure client authentication for software agents and processes running under your control, and authenticate these to e-Infrastructure services. Should ONLY be used in relevant IGTF use cases. Note these are private trust certificates so you must install the appropriate roots.Order via the SAML portal, this can be accessed at: https://cert-manager.com/customer/<YOURNREN>/idp/clientgeant
GÉANT Personal AuthenticationProvides client authentication, enables you to authenticate yourself (for example, certificate authentication in web browsers).  Note these are private trust certificates so you must install the appropriate roots. Order via the SAML portal, this can be accessed at: https://cert-manager.com/customer/<YOURNREN>/idp/clientgeant
GÉANT Organisation Automated AuthenticationSimilar to the GÉANT Organisation email signing but for use in IGTF use cases.  Replaces the old IGTF robot approach. Note these are private trust certificates so you must install the appropriate roots. 

Order via invite to the relevant email address in your cert manager instance: https://cert-manager.com/customer/<YOURNREN>.

  • No labels