How do I acccess the HARICA service?

HARICA Cert Manager is available at: https://cm.harica.gr.  HARICA services can also be accessed via the API - API documentation can be found here: https://developer.harica.gr/ and https://guides.harica.gr/docs/Guides/Developer/1.-Register-and-log-in/

https://cm-stg.harica.gr/ can be used to test and get to know the service. 

How do I get support from HARICA?

Please use the following support address: support-tcs@harica.gr. 

What are the "levels" of authorisation called in the HARICA Service?

What is the onboarding process for HARICA?

The process is shown in the image below: 


Where can I find supporting material for HARICA?

There are detailed support guides available at: https://guides.harica.gr/

The following guides have also been created to explain the "Enterprise" workflow used for TCS: 

Is SAML Supported? 

TCS members that are also Identity Providers in eduGAIN must release the following attributes:

and may also release:

to the following HARICA EntityIDs:

Known issues:

Can I order EV Certificates?

EV certificates are NOT included in the HARICA TCS offer as we no longer see any value in supporting this certificate type as a default option. It is possible to purchase these (EV TLS) and other types of certificates (Code Signing, Qualified Electronic Signatures/Seals, QWACs) and remote signing services on an individual basis from HARICA if required for specific use cases.

Where can I find information about the HARICA roots?

This is available at: https://repo.harica.gr/rep_dyn

How Do I use ACME?

You will need to use: https://acme.harica.gr/TCS-DV/directory and to follow the instructions at: https://guides.harica.gr/docs/Guides/Server-Certificate/ACME-Instructions/.  You will also need the KeyID and HMAC key – please contact your NREN for this information. 

What Type of Certificate Do I Need?

Domain Validation (DV), Organisation Validation (OV) and Extended Validation (EV) certificates were designed to give a different level of confidence in the certificate types because the Certificate Authority carries out more stringent checks on the organisation requesting the certificate at each level.  Browsers used to signal this in the address bar, and the idea was the user could make different decisions based on this security level.  Placing this level of technical knowledge on the user has now been broadly debunked and this information is no longer prominently signalled.

For the same key size and encryption algorithm DV/OV/EV certs are indistinguishable in terms of encryption security.  In most popular browsers, there is now no easily visible difference between these certificate types unless the user looks deep into the certificate settings.  The increased levels of validation requirements also make automation harder, and with changes to certificate validity periods once more being discussed by the CA/B Forum, automation should now be considered essential by all organisations. 

For the majority of use cases, DV certificates should serve your purposes well.  You may find certain implementations or use cases still insist on OV or EV certificates and these can still be obtained via TCS (at an extra cost for EV), but we recommend using DV for most circumstances. 

Why Not Just Use Let's Encrypt?

Let's Encrypt is a great free service and works well for many use cases, but has some limitations that a managed service like TCS can help with.  This includes:

Why Is My Certificate Not Trusted?

If you are seeing an issue where a HARICA certificate shows as not trusted or not valid, this typically means that the system using the certificate does not have access to the root or intermediary certificate.  There's normally a way for these to be added - we suggest you contact the service owner or helpdesk for the service.  All roots and intermediaries can be found at: https://repo.harica.gr/rep_dyn

Some of examples of where we have found solutions to these problems:

Why won't my CSR upload?