Certification Service
CS
Support and Contacts
+06 4962 2000
+39 050 221 3158
Other contacts
For membership requests, support, technical issues, and admin account management, please write to:
For general questions about using the platform, types of certificates, their creation, and usage, use the mailing list:
Subscription to the mailing list is managed by GARR CS and is reserved for Registration Authority Officers and Department Registration Authority Officers appointed by each organization.
GARR CS (Certification Service)
The GARR Certification Service provides free digital certificates, both personal and server types, to all institutions connected to the GARR network.
These certificates are issued by the Certification Authority Sectigo through the GEANT Trusted Certificate Service
GARR participates in the Trusted Certificate Service (TCS) promoted by Géant for the benefit of European research networks
TYPES OF CERTIFICATES ISSUED
GARR participates in the Trusted Certificate Service (TCS)M promoted by Géant for the benefit of European research networks.
Through this service, GARR provides its community with digital x.509 certificates (also available in e-Science version, valid for authentication on GRID resources) issued by one of the major commercial Certification Authorities: Sectigo Limited, automatically recognized by nearly all existing web browsers.
-
SSL certificates: for server authentication and securing sessions with clients;
-
GRID certificates: for server and Grid service authentication (IGTF compliant);
-
Personal certificates and personal GRID certificates: for user authentication and securing email communications;
-
Code signing certificates: for software signing;
-
Document signing certificates: for authenticating documents created with Adobe PDF, Microsoft Office, OpenOffice, and LibreOffice.
Server TCS certificates
SERVER CERTIFICATE GENERATION
As of May 1, 2020, the service provider for TCS is Certification Authority Sectigo Limited.
For generating certificate requests (CSRs), refer to the instructions provided by GARRCS
For submitting certificate requests, refer to the Registration Authority Officers at your organization.
REFERENCES
Personal TCS Certificates
REQUEST AND RENEWAL OF PERSONAL CERTIFICATES
Users can request and renew personal and personal grid certificates by accessing the dedicated Sectigo website for GARR. You will need to authenticate using your organization's IDEM credentials.
From the request form, you can select the following types of certificates:
- GÉANT Personal email signing and encryption
Personal certificates issued by a public CA for email signing and encryption purposes. Not suitable for document signing and client authentication. - GÉANT Personal Authentication
Personal certificates issued by a private CA for use in grid/IGTF environments and for client authentication. Not suitable for email signing and encryption, or for document signing. - GÉANT Personal Automated Authentication Personal robot certificates issued by a private CA for use in software agents authenticating on behalf of the user (grid/IGTF environment). Not suitable for email signing and encryption, or for document signing.
Request a personal certificate
Entities affiliated with the IDEM Federation can activate the service for their users by following the configuration instructions:
SAML Configuration Instructions
Follow the tutorials for requesting personal certificates on Sectigo
Log in with IDEM: 1,01 min.
Generate a certificate: 57 sec.
Generate a certificate with CSR: 1,14 min.
Command to generate the CSR from the terminal
openssl req -newkey rsa:2048 -keyout nome_cognome-key.pem -out nome_cognome-csr.pem -subj "/CN=Nome Cognome"
Guidelines to generate a request with CSR
To generate a PKCS12 file (.p12) using the downloaded certificate file (.crt) and the private key file (private.key), you can use the following command in the terminal:
Command to generate the file in PKCS12 format
openssl pkcs12 -export -in mario_rossi.crt -inkey private.key -out mioCertificato.p12
Let's import the generated certificate into our browser.
Personal TCS certificates can only be issued to members of organizations affiliated with IDEM and enabled for the service
OpensslIt is software available for Linux, macOS, and Windows systems.