All documentation for the TCS will be added here. We are working to update the specific TCS Practice Statements, until further notice the Technical Addendum for the 5th generation TCS server augments the existing TCS CPS documents (both for Server and Personal certificates). Products not described therein are subject to the provider (HARICA) CP and CPS:
Table of Contents
The following GEANT TCS specific practices and technical addenda are applicable to the 5th generation TCS service:
The Technical Addendum is an integral part of the CPS document suite and augments the TCS CPS for both Server and Personal certificates.
Certificate revocation lists for each of these CAs:
The OCSP end-point for the GEANT TCS private CAs is http://ocsp.geant-prv.harica.gr
For the RSA certificate chain
For the ECC certificate chain
Just in case you obtained an OV certificate before mid-February 2025 from the 'generic' TLS issuer:
To create the 'CertificateChainFile' for Apache, concatenate the issuing CA (e.g. CN=GEANT TLS RSA 1) and the cross-signed root (e.g. CN=HARICA TLS RSA Root CA 2021 in its cross-signed variety), and specify this file in the Apache mod_ssl configuration. For Nginx in the ssl_certificate directive in the http {} section, you would include your server certificate (downloaded from CM), the issuing CA (e.g. CN=GEANT TLS RSA 1) and the cross-signed root (e.g. CN=HARICA TLS RSA Root CA 2021 in its cross-signed variety) in that order in a single file. The private key goes (separately) in the file specified under ssl_certificate_key .
The GEANT TCS Policy Management Authority consists of PKI policy experts appointed by GÉANT, the contracting party for the TCS. The TCS PMA members oversee the TCS CPS texts. For efficiency purposes, TCS PMA membership is restricted to a limited number of participants selected from the community. GÉANT is ultimately responsible for the TCS PMA membership.