...

Wildcard certificates can be requested using the normal processes. If you request a wildcard (e.g. *.geant.org) there's no need to also include geant.org in the request.

How Do I Request an IGTF OV Server Certificate?

Firstly, the organisation must be configured to enable IGTF certificates. A “Tags” button has been added to the Enterprise Information page (upper right corner). This can be used to toggle IGTF certificate issuance on. 

...

For bulk requests, users receive an expiration notification only 30 days before expiry, sent by the CA to the email address contained in the certificate. The email resembles the following message:

The certificate with serial number xxxxxxxxxxxx, for the entity with Distinguished Name E=xxxxx@auth.gr, CN=Aristotle University of Thessaloniki, O=Aristotle University of Thessaloniki,L=Thessaloniki,C=GR, which has been issued by CN=HARICA S/MIME RSA SubCA R3, O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR, expires on 2025-05-14 10:14:45+03:00.

Once the S/MIME certificates from bulk requests are also registered in the S/MIME certificates tab, users will receive expiration notifications 30, 15, 5 and 1 day before expiry from the CertManager portal, sent to the email address contained in the certificate.
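A parser for the CA's bulk-request expiry notice quoted above, as an added example (not HARICA or GÉANT code): it extracts the serial number, DNs and expiry, then lists which of the 30, 15, 5 and 1 day reminder points still lie ahead so they can be tracked locally. The sample message uses constructed placeholder values, and the function names are illustrative.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample following the message format quoted above (placeholder values).
SAMPLE = (
    "The certificate with serial number 0123456789AB, for the entity with "
    "Distinguished Name E=user@example.org, CN=Example University, "
    "O=Example University,L=Thessaloniki,C=GR, which has been issued by "
    "CN=HARICA S/MIME RSA SubCA R3, O=Hellenic Academic and Research "
    "Institutions Cert. Authority,L=Athens,C=GR, expires on "
    "2025-05-14 10:14:45+03:00."
)

NOTICE_RE = re.compile(
    r"serial number\s+(?P<serial>\S+?),\s+for the entity with Distinguished Name\s+"
    r"(?P<subject>.+?),\s+which has been issued by\s+(?P<issuer>.+?),\s+"
    r"expires on\s+(?P<expiry>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}[+-]\d{2}:\d{2})"
)

# Reminder offsets the page lists for certificates tracked in the portal.
REMINDER_DAYS = (30, 15, 5, 1)


def parse_notice(text):
    """Extract serial, subject DN, issuer DN and expiry from a notification body."""
    m = NOTICE_RE.search(" ".join(text.split()))  # undo mail line wrapping
    if m is None:
        raise ValueError("text does not match the expected notification format")
    fields = m.groupdict()
    fields["expiry"] = datetime.fromisoformat(fields["expiry"])
    # E= carries the address the notice was sent to; DN order is not assumed.
    email = re.search(r"(?:^|,)\s*E=([^,\s]+)", fields["subject"])
    fields["email"] = email.group(1) if email else None
    return fields


def pending_reminders(expiry, now):
    """Return the (days_before, when) reminders that are still in the future."""
    due = [(d, expiry - timedelta(days=d)) for d in REMINDER_DAYS]
    return [(d, when) for d, when in due if when > now]


if __name__ == "__main__":
    notice = parse_notice(SAMPLE)
    now = datetime(2025, 4, 20, tzinfo=timezone.utc)  # constructed "today"
    print(notice["serial"], notice["email"], notice["expiry"].isoformat())
    for days, when in pending_reminders(notice["expiry"], now):
        print(f"remind {days}d before: {when.isoformat()}")
```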

How do I order an IGTF Personal / Personal Automated certificate? 

For users logging into CertManager via SSO, whose identity provider supplies both the eduPersonPrincipalName (ePPN) and the entitlement urn:mace:terena.org:tcs:personal-user, the following options will be available:

GÉANT Personal Authentication
GÉANT Personal Automated Authentication

Additionally, if the Enterprise admin has enabled the IGTF-Organization tag, the GÉANT Organization Automated Authentication option will also be available.

As discussed, the SubjectDN will be automatically ASCII-fied. However, if a custom ASCII-fied name is required, an Enterprise admin may submit a request directly to HARICA support at support-tcs@harica.gr.
We will then update the custom value in the Name ASCII-fied field under their Enterprise, which will override the automated ASCII-fication.

Finally, Enterprise Admins can assign the Client Authentication Approver role to members. While no approvals are required for IGTF client authentication certificates, since they are issued automatically, these approvers will still have visibility into all certificate requests submitted within their Enterprise.