Page History

...

Please use the following support address: support-tcs@harica.gr. 

What certiicates are available via HARICA?

Please see: TCS Certificate Types 2025

What are the "levels" of authorisation called in the HARICA Service?

...

• Enterprise Manager Guide
• Enterprise Admin Guide
• Enterprise Approver Guide

Is SAML Supported? 

TCS members that are also Identity Providers in eduGAIN must release the following attributes:

• givenName (oid:2.5.4.42)
• surname (oid:2.5.4.4)
• mail (oid:0.9.2342.19200300.100.1.3)
• edupersonTargetedID (oid:1.3.6.1.4.1.5923.1.1.1.10)

and may also release:

• eduPersonPrimaryAffiliation (oid:1.3.6.1.4.1.5923.1.1.1.5)
• eduPersonPrincipalName (required by GEANT for IGTF Personal Certificates) (oid:1.3.6.1.4.1.5923.1.1.1.6)
• eduPersonEntitlement (required for IGTF Personal Certificates) (oid:1.3.6.1.4.1.5923.1.1.1.7)
• Make sure you only send the values associated with TCS to HARICA SPs. Use "urn:mace:terena.org:tcs:personal-user" to signal permission to issue IGTF Personal Certificates
• schacHomeOrganization (oid:1.3.6.1.4.1.25178.1.2.9),

to the following HARICA EntityIDs:

• PRODUCTION
• “https://www.harica.gr/simplesamlphp/module.php/saml/sp/metadata.php/pki-grnet-sp”
• Test attribute release via https://cm.harica.gr/loginsaml/test.php
• STAGING:
• “https://cm-stg.harica.gr/simplesamlphp/module.php/saml/sp/metadata.php/harica-cm-stg-sp”
• Test attribute release via https://cm-stg.harica.gr/loginsaml/test.php
• DEV:
• “https://cm-dev.harica.gr/saml/module.php/saml/sp/metadata.php/harica-cm-dev-sp”
• Test attribute release via https://cm-dev.harica.gr/loginsaml/test.php

...

Can I order EV Certificates?

EV certificates are NOT included in the HARICA TCS offer as we no longer see any value in supporting this certificate type as a default option. It is possible to purchase these (EV TLS) and other types of certificates (Code Signing, Qualified Electronic Signatures/Seals, QWACs) and remote signing services on an individual basis from HARICA if required for specific use cases.

Where can I find information about the HARICA roots?

...

• Outlook app for ios does not trust certificate? This might be helpful: https://techcommunity.microsoft.com/blog/exchange/how-to-configure-smime-in-office-365/584516. 
• The Java key store only has the 2015 HARICA intermediates built in - make sure these are updated to the 2021. 
  

Why won't my CSR upload? 

...

• This will make a new ACME button available to all users in the left menu to manage ACME accounts. When using Personal ACME, a DNS-01 or HTTP-01 challenge must be performed for each certificate and the HMAC key must be specified.

Why do I need to provide identity documentation for IV+OV certificates?

This can be avoided by agreeing to "Automated S/MIME Certificate Issuance via SAML Entitlement" permissions under the Enterprise information page.  This will only be possible for SAML-enabled accounts as the SAML information is taken as equivalent to the identity vetting done by the CA. 

Image AddedImage Added