...
- Issuing CA for GEANT OV TLS (ECC): CN=GEANT TLS ECC 1,O=Hellenic Academic and Research Institutions CA,C=GR
- Cross-signed Intermediate Root CA for GEANT OV TLS (ECC): CN=HARICA TLS ECC Root CA 2021,O=Hellenic Academic and Research Institutions CA,C=GR (for maximum compatibility applications, otherwise do not include in chain)
Just in case you obtained an OV certificate before mid-February 2025 from the 'generic' TLS issuer:
- Issuing CA for HARICA OV TLS (RSA): CN=HARICA OV TLS RSA,O=Hellenic Academic and Research Institutions CA,C=GR
- Issuing CA for HARICA OV TLS (ECC): CN=HARICA OV TLS ECC,O=Hellenic Academic and Research Institutions CA,C=GR
- use the same cross-signed intermediate Root CA (RSA and ECC respectively) as for the GEANT-specific issuer if needed (see above)
To create the 'CertificateChainFile' for Apache, concatenate the issuing CA (e.g. CN=GEANT TLS RSA 1) and the cross-signed root (e.g. CN=HARICA TLS RSA Root CA 2021 in its cross-signed variety), and specify this file in the Apache mod_ssl configuration. For Nginx in the ssl_certificate directive in the http {} section, you would include your server certificate (downloaded from CM), the issuing CA (e.g. CN=GEANT TLS RSA 1) and the cross-signed root (e.g. CN=HARICA TLS RSA Root CA 2021 in its cross-signed variety) in that order in a single file. The private key goes (separately) in the file specified under ssl_certificate_key .
| Note | ||
|---|---|---|
| ||
Note: in case you obtained an OV certificate before March 6, 2025, you will have received server certificates signed by the 'generic' HARICA TLS issuer:
|
Policy Management Authority
...