...
Info: Due to changes in the industry standards (CA/Browser Forum), dedicated client authentication certificates will be introduced by TCS by mid-August 2023. These are issued from a private trust hierarchy ("Research and Education Trust") and cannot be used for digitally signing emails ("S/MIME"). At the same time, the subject naming of email signing ("S/MIME") certificates will change significantly: you cannot and must not rely on subject name uniqueness for these email signing certificates, and they must not be used for authentication purposes. Make sure to install the "Research and Education Trust" roots, and (depending on the application) also the "GEANT TCS Authentication (RSA|ECC) CA 4B" intermediates, on the server side to continue supporting client authentication!
Public Trust Roots
Trust anchor name | Key technology | Certificate | CRL Distribution Point | meta-data | Trust purposes |
---|---|---|---|---|---|
USERTrust RSA Certification Authority | RSA4096/SHA384 | https://crt.sh/?id=1199354 | http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl | info-file | any |
USERTrust ECC Certification Authority | ECC P384/SHA384 | https://crt.sh/?id=2841410 | http://crl.usertrust.com/USERTrustECCCertificationAuthority.crl | info-file | any |
...
Installing these roots is required for use of the Private Authentication Intermediate (issuing) Authority certificates!
Trust anchor name | Key technology | Certificate | CRL Distribution Point | meta-data | Trust purposes |
---|---|---|---|---|---|
Research and Education Trust RSA Root CA | RSA4096/SHA384 | https://www.nikhef.nl/~davidg/tcsg4/ca_ResearchandEducationTrustRSARootCA.crt | http://crl.enterprise.sectigo.com/ResearchandEducationTrustRSARootCA.crl | info-file | IGTF, Client Authentication |
Research and Education Trust ECC Root CA | P-384/SHA384 | https://www.nikhef.nl/~davidg/tcsg4/ca_ResearchandEducationTrustECCRootCA.crt | http://crl.enterprise.sectigo.com/ResearchandEducationTrustECCRootCA.crl | info-file | IGTF, Client Authentication |
Private Authentication Intermediate (issuing) Authority certificates
Installation of the corresponding Private Research and Education Trust Roots is required for these issuing intermediates to be trusted in your application!
Trust anchor name | Key technology | Certificate | CRL Distribution Point | meta-data | Trust purposes |
---|---|---|---|---|---|
GEANT TCS Authentication RSA CA 4B | RSA4096/SHA384 | https://www.nikhef.nl/~davidg/tcsg4/ca_GEANTTCSAuthenticationRSACA4B.crt | http://crl.enterprise.sectigo.com/GEANTTCSAuthenticationRSACA4B.crl | info-file | IGTF, Client Authentication |
GEANT TCS Authentication ECC CA 4B | P-384/SHA384 | https://www.nikhef.nl/~davidg/tcsg4/ca_GEANTTCSAuthenticationECCCA4B.crt | http://crl.enterprise.sectigo.com/GEANTTCSAuthenticationECCCA4B.crl | info-file | IGTF, Client Authentication |