Page History

Tip

title	InCommon Certificate Service SSO and MFA Available

The use of single sign-on and multifactor authentication for accessing the Comodo Certificate Manager is available to any subscriber that also operates an Identity Provider in the InCommon Federation. See this wiki page for details.

InCommon Certificate Types

Server Certificates

This page includes links to technical documents and service endpoints for each of the certificate types issued by the InCommon Certificate Service.

Contents:

Table of Contents

Anchor

	ssl-certs
	ssl-certs

SSL/TLS Certificates

SHA-2 Server Certificates

The intermediate CA known as the InCommon RSA Server CA, which uses the SHA-2 hash algorithm, was deployed on September 22, 2014.

Certificate Chain (Comodo's version of the chain):
- USERTrust Secure [DER]
- InCommon RSA Server CA [DER] [PEM]
- End-Entity Certificate

Certificate Revocation List:

HTML
http://crl.incommon-rsa.org/InCommonRSAServerCA.crl

Online Certificate Status Protocol:
HTML
http://ocsp.incommon.org

Anchor

	ov-certs
	ov-certs

Organizational

...

Validation SSL/TLS Certificates

The intermediate CA known as the InCommon Server CA was deployed on February 1, 2011. Prior to that date, Organizational Validation (OV) SSL/TLS end-entity certificates were signed by the COMODO High Assurance Secure Server CA.

Certificate Chain:

Wiki Markup[AddTrust External CA Root|

HTML
<br><span style="margin-left: 3em; line-height: 150%"><a href="https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=10&nav=0,1

] \[[Text|

">AddTrust External CA Root</a> [<a href="https://www.incommon.org/cert/repository/AddTrustExternalCARoot.txt

]\

">Text</a>]

\[[PEM|

[<a href="https://www.incommon.org/cert/repository/AddTrustExternalCARoot.pem

]\] Wiki MarkupInCommon

">PEM</a>]</span>

<br><span style="margin-left: 5em; line-height: 150%">InCommon Server CA

\[[Text|

[<a href="https://www.incommon.org/cert/repository/InCommonServerCA.txt">Text</a>]

\]

\[[PEM|

[<a href="https://www.incommon.org/cert/repository/InCommonServerCA.pem

]\]End-Entity Certificate

">PEM</a>]</span>

<br><span style="margin-left: 7em; line-height: 150%">End-Entity Certificate</span>

Intermediate CA Apache BundleBundle for OV SSL/TLS Certificates
Certification Practices Statement for OV SSL/TLS Certificates
Certificate Profile for OV SSL/TLS Certificates

Certificate Revocation List:

HTML
http://crl.incommon.org/InCommonServerCA.crl

Online Certificate Status Protocol
Certification Practices Statement

Certificate Profile

:
HTML
http://ocsp.incommon.org

Tip

To test the freshness of the CRL, type the following command:

$ curl -s http://crl.incommon.org/InCommonServerCA.crl | openssl crl -inform DER -noout -lastupdate -nextupdate

Anchor

	ev-certs
	ev-certs

Extended Validation SSL/TLS Certificates

Extended Validation (EV) SSL/TLS Certificates became available on March 10, 2011.

Certificate Chain:

Wiki Markup[AddTrust External CA Root|

HTML
<br><span style="margin-left: 3em; line-height: 150%"><a href="https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=10&nav=0,1

] \[[Text|

">AddTrust External CA Root</a> [<a href="https://www.incommon.org/cert/repository/AddTrustExternalCARoot.txt

]\

">Text</a>]

\[[PEM|

[<a href="https://www.incommon.org/cert/repository/AddTrustExternalCARoot.pem

]\] Wiki Markup[COMODO Certification Authority|

">PEM</a>]</span>

<br><span style="margin-left: 5em; line-height: 150%"><a href="https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=104&nav=0,1,22

] \[[Text|

">COMODO Certification Authority</a> [<a href="https://www.incommon.org/cert/repository/COMODOAddTrustServerCA.txt">Text</a>]

\]

\[[PEM|

[<a href="https://www.incommon.org/cert/repository/COMODOAddTrustServerCA.pem

]\] Wiki Markup[COMODO Extended Validation Secure Server CA|

">PEM</a>]</span>

<br><span style="margin-left: 7em; line-height: 150%"><a href="https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=103&nav=0,1,22

] \[[Text|

">COMODO Extended Validation Secure Server CA</a> [<a href="https://www.incommon.org/cert/repository/COMODOExtendedValidationSecureServerCA.txt

]\

">Text</a>]

\[[PEM|

[<a href="https://www.incommon.org/cert/repository/COMODOExtendedValidationSecureServerCA.pem

]\]End-Entity Certificate

">PEM</a>]</span>

<br><span style="margin-left: 9em; line-height: 150%">End-Entity Certificate</span>

Intermediate CA Apache BundleBundle for EV SSL/TLS Certificates
Certification Practices Statement for EV SSL/TLS Certificates
Certificate Profile for EV SSL/TLS Certificates
Certificate Revocation List:
HTML
http://crl.comodoca.com
/COMODOExtendedValidationSecureServerCA.crl
Online Certificate Status Protocol:
HTML
http://ocsp.comodoca.com

IGTF Server Certificates

The intermediate CA known as the InCommon IGTF Server CA was deployed on July 7, 2014.

Certificate Chain:

Certification Practices Statement

Certificate Profile

- AddTrust External CA Root
- COMODO RSA Certification Authority [DER]
- InCommon IGTF Server CA [DER]
- End-Entity Certificate

Certificate Revocation List: http://crl.incommon-igtf.org/InCommonIGTFServerCA.crl
Online Certificate Status Protocol: http://ocsp.incommon-igtf.org
Repository: https://www.incommon.org/certificates/igtf/

Anchor

	client-certs
	client-certs

Client Certificates

SHA-2 Standard Assurance

...

Client Certificates

The intermediate CA known as the InCommon RSA Standard Assurance Client CA was deployed on September 18, 2014.

- Certificate Chain:

Wiki Markup

HTML

<br><span style="margin-left: 3em; line-height: 150%">AddTrust External CA Root [<a href="https://www.incommon.org/cert/repository/AddTrustExternalCARoot.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/AddTrustExternalCARoot.pem">PEM</a>]</span>

<br><span style="margin-left: 5em; line-height: 150%">USERTrust RSA Certification Authority [<a href="https://www.incommon.org/cert/repository/USERTrustRSAClient_CA.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/USERTrustRSAClient_CA.pem">PEM</a>]</span>

<br><span style="margin-left: 7em; line-height: 150%">InCommon RSA Standard Assurance Client CA [<a href="https://www.incommon.org/cert/repository/InCommonRSAStandardAssuranceClientCA.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/InCommonRSAStandardAssuranceClientCA.pem">PEM</a>]</span>

<br><span style="margin-left: 9em; line-height: 150%">End-Entity Certificate</span>

- Intermediate CA Bundle for Standard Client Certificates
- Certification Practices Statement for Standard Client Certificates
- Certificate Revocation List:
  HTML
  http://crl.incommon-rsa.org/InCommonRSAStandardAssuranceClientCA.crl
- Online Certificate Status Protocol:
  HTML
  http://ocsp.incommon-rsa.org

SHA-1 Standard Assurance Client Certificates (deprecated)

The intermediate CA known as the InCommon Standard Assurance Client CA was deployed on March 10, 2011.

Certificate Chain:

HTML
<br><span style="margin-left: 3em; line-height: 150%"><a href="

[AddTrust External CA Root|

https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=10&nav=0,1

] \[[Text|

">AddTrust External CA Root</a> [<a href="https://www.incommon.org/cert/repository/AddTrustExternalCARoot.txt

]\

- ">Text</a>]

\[[PEM|

[<a href="https://www.incommon.org/cert/repository/AddTrustExternalCARoot.pem

]\]

Wiki Markup

UTN

">PEM</a>]</span>

<br><span style="margin-left: 5em; line-height: 150%"><a href="https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=114&nav=0,1">UTN-USERFirst-Client Authentication and

Email

- Email</a>

\[[Text|

[<a href="https://www.incommon.org/cert/repository/UTNAddTrustClient_CA.txt">Text</a>]

\]

\[[PEM|

[<a href="https://www.incommon.org/cert/repository/UTNAddTrustClient_CA.pem

]\]

Wiki Markup

InCommon

">PEM</a>]</span>

<br><span style="margin-left: 7em; line-height: 150%">InCommon Standard Assurance Client CA

\[[Text|

[<a href="https://www.incommon.org/cert/repository/InCommonStandardAssuranceClientCA.txt">Text</a>]

\]

\[[PEM|

[<a href="https://www.incommon.org/cert/repository/InCommonStandardAssuranceClientCA.pem

]\]End-Entity Certificate

">PEM</a>]</span>

<br><span style="margin-left: 9em; line-height: 150%">End-Entity Certificate</span>

- Intermediate CA

Apache

- Bundlefor Standard Client Certificates
- Certification Practices Statement for Standard Client Certificates
- Certificate Profile for Standard Client Certificates
- Certificate Revocation List:
  HTML
  http://crl.incommon.org/InCommonStandardAssuranceClientCA.crl
- Online Certificate Status Protocol:
  HTML
  http://ocsp.incommon.org
Certification Practices Statement
Certificate Profile

Bronze Assurance Personal Certificates

Not yet available

Silver Assurance Personal Certificates

Not yet available

Gold Assurance Personal Certificates

Not yet available

Code-signing Certificates

Anchor

	code-signing-certs
	code-signing-certs

Code-signing Certificates

The intermediate CA known as the InCommon RSA Code Signing CA (SHA-2) was deployed on September 19, 2014.

- Certificate Chain
  - Please click here to see the cert chain: https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/992/108/incommon-code-signing-sha-2

The intermediate CA known as the InCommon Code Signing CA (SHA-1) was deployed on June 30, 2011.

Certificate Chain:

HTML

<br><span style="margin-left: 3em; line-height: 150%"><a href="https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=10&nav=0,1">AddTrust External CA Root</a> [<a href="https://www.incommon.org/cert/repository/AddTrustExternalCARoot.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/AddTrustExternalCARoot.pem">PEM</a>]</span>

<br><span style="margin-left: 5em; line-height: 150%"><a href="https://support.comodo.com/index.php?_m=downloads&_a=view&parentcategoryid=24&pcid=1&nav=0,1">UTN-USERFirst-Object</a> [<a href="https://www.incommon.org/cert/repository/UTN-USERFirst-Object.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/UTN-USERFirst-Object.pem">PEM</a>]</span>

<br><span style="margin-left: 7em; line-height: 150%">InCommon Code Signing CA [<a href="https://www.incommon.org/cert/repository/InCommonCodeSigningCA.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/InCommonCodeSigningCA.pem">PEM</a>]</span>

<br><span style="margin-left: 9em; line-height: 150%">End-Entity Certificate</span>

The following information is common to both the SHA-1 and SHA-2 InCommon intermediate CAs:

- Certification Practices Statement for Code-Signing Certificates
- Certificate Revocation List:
  HTML
  http://crl.incommon.org/InCommonCodeSigningCA.crl
- Online Certificate Status Protocol:
  HTML
  http://ocsp.incommon.org

...

Page tree

Versions Compared

Old Version 1

New Version 56

Key

InCommon Certificate Types

Server Certificates

SSL/TLS Certificates

SHA-2 Server Certificates

Organizational

Validation SSL/TLS Certificates

Extended Validation SSL/TLS Certificates

IGTF Server Certificates

Client Certificates

SHA-2 Standard Assurance

Client Certificates

SHA-1 Standard Assurance Client Certificates (deprecated)

Bronze Assurance Personal Certificates

Silver Assurance Personal Certificates

Gold Assurance Personal Certificates

Code-signing Certificates

Code-signing Certificates