You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 13 Next »

How do I acccess the HARICA service?

HARICA Cert Manager is avaialble at: https://cm.harica.gr.  HARICA services can also be accessed via the API - API documentation can be found here: https://developer.harica.gr/

https://cm-stg.harica.gr/ can be used to test and get to know the service. 

How do I get support from HARICA?

Please use the following support address: support-tcs@harica.gr. 

What are the "levels" of authorisation called in the HARICA Service?

  • Enterprise Manager = NREN Staff.
  • Enterprise Admin = Organisational Staff with authorisation.

What is the onboarding process for HARICA?

The process is shown in the image below: 


Where can I find supporting material for HARICA?

There are detailed support guides available at: https://guides.harica.gr/

The following guides have also been created to explain the "Enterprise" workflow used for TCS: 

Is SAML Supported? 

TCS members that are also Identity Providers in eduGAIN must release the following attributes:

  • givenName
  • sn
  • email
  • edupersonTargetedID

and may also release:

  • eduPersonPrimaryAffiliation
  • eduPersonPrincipalName (required by GEANT for GRID Client Authentication Certificates)
  • eduPersonEntitlement (values TBD)

to the following HARICA EntityIDs:

Known issues:

  • Multiple values in the mail attribute is currently not supported. 

Can I order EV Certificates?

EV certificates are NOT included in the HARICA TCS offer as we no longer see any value in supporting this certificate type as a default option.  It will be possible to purchase these on an individual basis from HARICA if required for specific use cases.

Where can I find information about the HARICA roots?

This is available at: https://repo.harica.gr/rep_dyn

How Do I use ACME?

You will need to use: https://acme.harica.gr/TCS-DV/directory and to follow the instructions at: https://guides.harica.gr/docs/Guides/Server-Certificate/ACME-Instructions/.  You will also need the KeyID and HMAC key – please contact nicole.harris@geant.org for this information.  Note this currently supports ECDSA, if there is a need for an RSA endpoint please inform the TCS service manager. 


  • No labels