Versions Compared

Old Version 13

changes.mady.by.user David Groep

Saved on

compared with

New Version Current

changes.mady.by.user David Groep

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Table of Contents

Table of Contents
minLevel3

...

The OCSP end-point for the GEANT TCS private CAs is http://ocsp.geant-prv.harica.gr 

Root and Intermediate for server (TLS) certificates

For the RSA certificate chain

For the ECC certificate chain

Installation in Apache httpd's mod_ssl

To create the 'SSLCertificateChainFile' for Apache, concatenate the issuing CA (e.g. CN=GEANT TLS RSA 1) and the cross-signed root (e.g. CN=HARICA TLS RSA Root CA 2021 in its cross-signed variety), and specify this file in the Apache mod_ssl configuration.

The server certificate itself goes into a separate file ('SSLCertificateFile') in PEM format, and the private kay also in its own file ('SSLCertificateKeyFile').

Installation in Nginx

For Nginx in the ssl_certificate directive in the http {} section, you would include your server certificate (downloaded from CM), the issuing CA (e.g. CN=GEANT TLS RSA 1) and the cross-signed root (e.g. CN=HARICA TLS RSA Root CA 2021 in its cross-signed variety) in that order in a single file. The private key goes (separately) in the file specified under ssl_certificate_key .

Note
titleObtained your TLS server certificate before March 6?

Note: in case you obtained an OV certificate before March 6, 2025, you will have received server certificates signed by the 'generic' HARICA TLS issuer:

Policy Management Authority

...