Versions Compared

Old Version 59

changes.mady.by.user Dean Woodbeck (internet2.edu)

Saved on

compared with

New Version Current

changes.mady.by.user Paul Caskey (internet2.edu)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The intermediate CA known as the "InCommon RSA Server CA 2", which uses the SHA-2 hash algorithm, was deployed on September 22November 1, 20142023.

  • Certificate Chain (Comodo's version of the chain):
    • AAA Certificate Services  [PEM]
    • USERTrust RSA Certification Authority [PEMUSERTrust Secure [DER]
    • InCommon RSA Server CA [DER2 [PEM]
    • End-Entity Certificate
  • Certification Practices Statement for OV SSL/TLS Certificates

  • Certificate Revocation List:


    HTML
     http://crl.incommon-rsasectigo.orgcom/InCommonRSAServerCAInCommonRSAServerCA2.crl


  • Online Certificate Status Protocol:


    HTML
     http://ocsp.incommon-rsasectigo.orgcom



Tip

To test the freshness of the CRL, type the following command:

$ curl -s http://crl.incommonsectigo.orgcom/InCommonServerCAInCommonServerCA2.crl | openssl crl -inform DER -noout -lastupdate -nextupdate

...

  • Certificate Chain:

    HTML
    <br><span style="margin-left: 3em; line-height: 150%"><a href="https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=10&nav=0,1">AddTrust External CA Root</a> >AAA Certificate Services [<a href="https://wwwspaces.incommon.org/cert/repository/AddTrustExternalCARoot.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/AddTrustExternalCARoot.pemat.internet2.edu/download/attachments/24576265/AAA%20Certificate%20Services.pem?api=v2">PEM</a>]</span>

<br><span style="margin-left: 5em; line-height: 150%"><a href="https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=104&nav=0,1,22">COMODO Certification Authority</a>>USERTrust RSA Certification Authority [<a href="https://wwwspaces.incommon.org/cert/repository/COMODOAddTrustServerCA.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/COMODOAddTrustServerCA.pemat.internet2.edu/download/attachments/24576265/USERTrust%20RSA%20Certification%20Authority.pem?api=v2">PEM</a>]</span>

<br><span style="margin-left: 7em; line-height: 150%"><a href="https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=103&nav=0,1,22">COMODO>Sectigo RSA Extended Validation Secure Server CA</a>CA [<a href="https://wwwspaces.incommon.org/cert/repository/COMODOExtendedValidationSecureServerCA.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/COMODOExtendedValidationSecureServerCA.pemat.internet2.edu/download/attachments/24576265/Sectigo%20RSA%20Extended%20Validation%20Secure%20Server%20CA.pem?api=v2">PEM</a>]</span>

<br><span style="margin-left: 9em; line-height: 150%">End-Entity Certificate</span>


  • Intermediate CA Bundle for EV SSL/TLS Certificates
  • Certification Practices Statement for EV SSL/TLS Certificates
  • Certificate Profile for EV SSL/TLS Certificates

  • Certificate Revocation List:

    HTML
    http://crl.comodocasectigo.com/
    COMODOExtendedValidationSecureServerCA
    SectigoRSAExtendedValidationSecureServerCA.crl


  • Online Certificate Status Protocol:

    HTML
    http://ocsp.comodocasectigo.com


IGTF Server Certificates

InCommon offers IGTF server certificates for use by subscribers who are also active with the IGTF grid community. Note: Unless you are running a server as part of the IGTF grid (see the IGTF website) these certificates are NOT what you need. Request a normal InCommon server certificate instead.

The intermediate CA known as the InCommon RSA IGTF Server CA 3 was deployed on July 717, 20142023.

  • Certificate Chain:
    • AddTrust External CA Root
    • AAA Certificate Services (root) [PEM]
    • USERTrust COMODO RSA Certification Authority [DERPEM]
    • InCommon RSA IGTF Server CA 3 [DERPEM]
    • End-Entity Certificate

Anchor
client-certs
client-certs

...

HTML
<br><span style="margin-left: 3em; line-height: 150%">AddTrust>AAA ExternalCertificate CAServices Root [<a href="https://wwwspaces.incommon.org/cert/repository/AddTrustExternalCARoot.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/AddTrustExternalCARoot.pemat.internet2.edu/download/attachments/24576265/AAA%20Certificate%20Services.pem?api=v2">PEM</a>]</span>

<br><span style="margin-left: 5em; line-height: 150%">USERTrust RSA Certification Authority [<a href="https://www.incommon.org/cert/repository/USERTrustRSAClient_CA.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/USERTrustRSAClient_CA.pem">PEM</a>]</span>

<br><span style="margin-left: 7em; line-height: 150%">InCommon RSA Standard Assurance Client CA 2 [<a href="https://wwwspaces.incommon.org/cert/repository/InCommonRSAStandardAssuranceClientCA.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/InCommonRSAStandardAssuranceClientCA.pemat.internet2.edu/download/attachments/24576265/InCommon%20RSA%20Standard%20Assurance%20Client%20CA%202.pem?api=v2">PEM</a>]</span>

<br><span style="margin-left: 9em; line-height: 150%">End-Entity Certificate</span>
    • Intermediate CA Bundle for Standard Client Certificates
    • Certification Practices Statement for Standard Client Certificates

    • Certificate Revocation List:

      HTML
      http://crl.incommon-rsa.org/InCommonRSAStandardAssuranceClientCA.crl


    • Online Certificate Status Protocol:

      HTML
      http://ocsp.incommon-rsa.org

SHA-1 Standard Assurance Client Certificates (deprecated)

The intermediate CA known as the InCommon Standard Assurance Client CA was deployed on March 10, 2011.

    • Certificate Chain:
       HTML
      <br><span style="margin-left: 3em; line-height: 150%"><a href="https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=10&nav=0,1">AddTrust External CA Root</a> [<a href="https://www.incommon.org/cert/repository/AddTrustExternalCARoot.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/AddTrustExternalCARoot.pem">PEM</a>]</span>

<br><span style="margin-left: 5em; line-height: 150%"><a href="https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=114&nav=0,1">UTN-USERFirst-Client Authentication and Email</a> [<a href="https://www.incommon.org/cert/repository/UTNAddTrustClient_CA.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/UTNAddTrustClient_CA.pem">PEM</a>]</span>

<br><span style="margin-left: 7em; line-height: 150%">InCommon Standard Assurance Client CA [<a href="https://www.incommon.org/cert/repository/InCommonStandardAssuranceClientCA.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/InCommonStandardAssuranceClientCA.pem">PEM</a>]</span>

<br><span style="margin-left: 9em; line-height: 150%">End-Entity Certificate</span>

    • Intermediate CA Bundle for Standard Client Certificates
    • Certification Practices Statement for Standard Client Certificates
    • Certificate Profile for Standard Client Certificates
      • Certificate Revocation List:
       HTML
      http://crl.incommon.org/InCommonStandardAssuranceClientCA.crl
      Online Certificate Status Protocol:
       HTML
      http://ocsp.incommon.org

 Anchor
code-signing-certs
code-signing-certs
...
    • Certificate Chain:
       HTML
      <br><span style="margin-left: 3em; line-height: 150%"><a href="https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=10&nav=0,1">AddTrust External CA Root</a> >AAA Certificate Services [<a href="https://wwwspaces.incommon.org/cert/repository/AddTrustExternalCARoot.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/AddTrustExternalCARoot.pemat.internet2.edu/download/attachments/24576265/AAA%20Certificate%20Services.pem?api=v2">PEM</a>]</span>

<br><span style="margin-left: 5em; line-height: 150%"><a href="https://support.comodo.com/index.php?_m=downloads&_a=view&parentcategoryid=24&pcid=1&nav=0,1">UTN-USERFirst-Object</a>>Sectigo Public Code Signing Root R46  [<a href="https://wwwspaces.incommon.org/cert/repository/UTN-USERFirst-Object.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/UTN-USERFirst-Object.pemat.internet2.edu/download/attachments/24576265/Sectigo%20Public%20Code%20Signing%20Root%20R46.pem?api=v2">PEM</a>]</span>

<br><span style="margin-left: 7em; line-height: 150%">InCommon>Sectigo Public Code Signing CA R36 [<a href="https://wwwspaces.incommon.org/cert/repository/InCommonCodeSigningCA.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/InCommonCodeSigningCA.pemat.internet2.edu/download/attachments/24576265/Sectigo%20Public%20Code%20Signing%20CA%20R36.pem?api=v2">PEM</a>]</span>

<br><span style="margin-left: 9em; line-height: 150%">End-Entity Certificate</span>


The following information is common to both the SHA-1 and SHA-2 InCommon intermediate CAs:
    • Certification Practices Statement for Code-Signing Certificates
    • Certificate Revocation List:
       HTML
      http://crl.incommonsectigo.orgcom/InCommonCodeSigningCASectigoPublicCodeSigningRootR46.crl

    • Online Certificate Status Protocol:
       HTML
      http://ocsp.incommonsectigo.orgcom