All documentation for the TCS will be added here. We are working to update the specific TCS Practice Statements; until further notice, the Technical Addendum for the 5th generation TCS server augments the existing TCS CPS documents (both for Server and Personal certificates). Products not described therein are subject to the provider (HARICA) CP and CPS:
- HARICA Certificate Practice Statement
- HARICA Subscriber Agreement
- HARICA Privacy Notice
- HARICA Repository and authority meta-data
Certificate Practice Statements and Addenda
The following GEANT TCS specific practices and technical addenda are applicable to the 5th generation TCS service:
The Technical Addendum is an integral part of the CPS document suite and augments the TCS CPS for both Server and Personal certificates.
Private Root and Issuing Authorities (5th generation TCS)
Certificate revocation lists for each of these CAs:
- Research and Education Trust RSA Root CA 5: CRL http://crl.geant-prv.harica.gr/GEANT-TCS-Root-R5.crl
- Research and Education Trust ECC Root CA 5: CRL http://crl.geant-prv.harica.gr/GEANT-TCS-Root-E5.crl
- GEANT TCS Authentication RSA CA 5: CRL http://crl.geant-prv.harica.gr/GEANT-TCS-Client-Auth-R5.crl
- GEANT TCS Authentication ECC CA 5: CRL http://crl.geant-prv.harica.gr/GEANT-TCS-Client-Auth-E5.crl
The OCSP end-point for the GEANT TCS private CAs is http://ocsp.geant-prv.harica.gr
Root and Intermediate for server (TLS) certificates
For the RSA certificate chain
- Issuing CA for GEANT OV TLS (RSA): CN=GEANT TLS RSA 1,O=Hellenic Academic and Research Institutions CA,C=GR
- Cross-signed Intermediate Root CA for GEANT OV TLS (RSA): CN=HARICA TLS RSA Root CA 2021,O=Hellenic Academic and Research Institutions CA,C=GR (include only for applications that need maximum compatibility; otherwise do not include it in the chain)
For the ECC certificate chain
- Issuing CA for GEANT OV TLS (ECC): CN=GEANT TLS ECC 1,O=Hellenic Academic and Research Institutions CA,C=GR
- Cross-signed Intermediate Root CA for GEANT OV TLS (ECC): CN=HARICA TLS ECC Root CA 2021,O=Hellenic Academic and Research Institutions CA,C=GR (include only for applications that need maximum compatibility; otherwise do not include it in the chain)
If you obtained an OV certificate before mid-February 2025 from the 'generic' TLS issuer:
- Issuing CA for HARICA OV TLS (RSA): CN=HARICA OV TLS RSA,O=Hellenic Academic and Research Institutions CA,C=GR
- Issuing CA for HARICA OV TLS (ECC): CN=HARICA OV TLS ECC,O=Hellenic Academic and Research Institutions CA,C=GR
- If needed, use the same cross-signed intermediate Root CA (RSA and ECC respectively) as for the GEANT-specific issuer (see above)
Policy Management Authority
The GEANT TCS Policy Management Authority consists of PKI policy experts appointed by GÉANT, the contracting party for the TCS. The TCS PMA members oversee the TCS CPS texts. For efficiency purposes, TCS PMA membership is restricted to a limited number of participants selected from the community. GÉANT is ultimately responsible for the TCS PMA membership.