Steps to Request Certificate
In order to request and be issued a GÉANT's Multi-Domain Network Services certificate; three steps have to be performed by the server/machine administrator. They are explained below:
We need to perform some type of identity vetting on you to be able to authenticate a certificate application send by you. The GÉANT Multi-Domain Network Services RA currently supports two ways of identity vetting; you can choose either of the two:
1) TCS Personal Certificates
If you are in possession of a TCS Personal Certificate or a TCS Personal eScience Certificate, you can use this in step 3 to send us a signed email (S/MIME) with the certificate application form (PDF) attached.
2) PGP/GPG signature
If you have a PGP/GPG key, please make sure that the key is signed by SA2 RAs PGP signing key, and is available on commodity PGP key-servers. You can then use this in step 3 to send us a signed email with the certificate application form (PDF) attached.
Please check GÉANT Multi-Domain Network Service Administrator Registry to make sure that your email address is listed as an administrator of a GÉANT Multi-Domain Network Service.
If your name is not listed on the registry and you would like to request a certificate please contact RAs via email email@example.com
The GÉANT Multi-Domain Network Services RA will only issue certificates that are requested by administrator that have a contact email address listed in the registry.
The profiles you request for your certificate must also match your entry in the registry.
3. Certificate request
Please navigate to the eduPKI CA interface and open the Multi-Domain Network Services Certificate Request Generator (eduPKI CA)
These fields must match your registered data in the GÉANT Multi-Domain Network Service Administrator Registry (see step 2 above)
Your selection must be consistent with your registered data in the GÉANT Multi-Domain Network Service Administrator Registry (see step 2 above)
eduPKI CA only issues certificates to legal entities. If your GÉANT Multi-Domain Network Service installation is only in a department of a legal entity, remember to fill in your parent organisation's entity's name.
After submitting the form in the Certificate Request Generator, it will generate a cryptographic key pair (a private key and the matching public key) locally on your system and you will be asked to save that private key into a directory together with the generated certificate application form in PDF format.
Please send the PDF form (and only the PDF form) via a signed email (as per the requirements in step 1) to firstname.lastname@example.org. The email signature must be for the email address that is in the certificate application and is registered for you in the GÉANT Multi-Domain Network Service Administrator Registry.
The eduPKI GÉANT Multi-Domain Network Services RA personnel will verify that the request is in order and will issue your certificate as quickly as possible. The verification procedure includes human processing and is not instant, please allow for a few business days to process.