TCS 2025 FAQ

How do I acccess the HARICA service?

HARICA Cert Manager is avaialble at: https://cm.harica.gr.  HARICA services can also be accessed via the API - API documentation can be found here: https://developer.harica.gr/. 

https://cm-stg.harica.gr/ can be used to test and get to know the service. 

How do I get support from HARICA?

Please use the following support address: support-tcs@harica.gr. 

What are the "levels" of authorisation called in the HARICA Service?

• Enterprise Manager = NREN Staff.
• Enterprise Admin = Organisational Staff with authorisation.

What is the onboarding process for HARICA?

The process is shown in the image below: 

Where can I find supporting material for HARICA?

There are detailed support guides available at: https://guides.harica.gr/. 

The following guides have also been created to explain the "Enterprise" workflow used for TCS: 

• Enterprise Manager Guide
• Enterprise Admin Guide
• Enterprise Approver Guide

Is SAML Supported? 

TCS members that are also Identity Providers in eduGAIN must release the following attributes:

• givenName
• sn
• email
• edupersonTargetedID

and may also release:

• eduPersonPrimaryAffiliation
• eduPersonPrincipalName (required by GEANT for GRID Client Authentication Certificates)
• eduPersonEntitlement (values TBD)

to the following HARICA EntityIDs:

• PRODUCTION
• “https://www.harica.gr/simplesamlphp/module.php/saml/sp/metadata.php/pki-grnet-sp”
• STAGING:
• “https://cm-stg.harica.gr/simplesamlphp/module.php/saml/sp/metadata.php/harica-cm-stg-sp”
• DEV:
• “https://cm-dev.harica.gr/saml/module.php/saml/sp/metadata.php/harica-cm-dev-sp”.

Known issues:

• Multiple values in the mail attribute is currently not supported. 

Can I order EV Certificates?

EV certificates are NOT included in the HARICA TCS offer as we no longer see any value in supporting this certificate type as a default option.  It will be possible to purchase these on an individual basis from HARICA if required for specific use cases.

Where can I find information about the HARICA roots?

This is available at: https://repo.harica.gr/rep_dyn. 

How Do I use ACME?

You will need to use: https://acme.harica.gr/TCS-DV/directory and to follow the instructions at: https://guides.harica.gr/docs/Guides/Server-Certificate/ACME-Instructions/.  You will also need the KeyID and HMAC key – please contact nicole.harris@geant.org for this information.  Note this currently supports ECDSA, if there is a need for an RSA endpoint please inform the TCS service manager.