Tip | ||
---|---|---|
| ||
The use of single sign-on and multifactor authentication for accessing the Comodo Certificate Manager is available to any subscriber that also operates an Identity Provider in the InCommon Federation. See this wiki page for details. |
InCommon Certificate Types
This page includes links to technical documents and service endpoints for each of the certificate types issued by the InCommon Certificate Service.
Contents:
Table of Contents |
---|
Anchor | ||||
---|---|---|---|---|
|
SSL/TLS Certificates
SHA-2 Server Certificates
The intermediate CA known as the InCommon RSA Server CA, which uses the SHA-2 hash algorithm, was deployed on September 22, 2014.
- Certificate Chain (Comodo's version of the chain):
- USERTrust Secure [DER]
- InCommon RSA Server
...
Domain Validation SSL/TLS Certificates
- Certification Practices Statement for OV SSL/TLS Certificates
Certificate Revocation List:
HTML http://crl.incommon-rsa.org/InCommonRSAServerCA.crl
Online Certificate Status Protocol:
HTML http://ocsp.incommon-rsa.org
Tip |
---|
To test the freshness of the CRL, type the following command:
|
Anchor | ||||
---|---|---|---|---|
|
Extended Validation SSL/TLS Certificates
Extended Validation (EV) SSL/TLS Certificates became available on March 10, 2011.
Certificate Chain:
Certificate Chain:HTML <br><span style="margin-left: 3em; line-height: 150%"><a href="
[AddTrust External CA Root|Wiki Markup
] \[[Text|https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=10&nav=0,1
]\] \[[PEM|">AddTrust External CA Root</a> [<a href="https://www.incommon.org/cert/repository/AddTrustExternalCARoot.txt
AddTrustExternalCARoot">Text</a>] [<a href="https://www.incommon.org/cert/repository/AddTrustExternalCARoot.pem">PEM</a>]</span> <br><span style="margin-left: 5em; line-height: 150%"><a href="https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=104&nav=0,1,22">COMODO Certification Authority</a> [<a href="https://www.incommon.org/cert/repository/COMODOAddTrustServerCA.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/
]\]COMODOAddTrustServerCA.pem
InCommon Server CA \[[Text|Wiki Markup
InCommonServerCA">PEM</a>]</span> <br><span style="margin-left: 7em; line-height: 150%"><a href="https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=103&nav=0,1,22">COMODO Extended Validation Secure Server CA</a> [<a href="https://www.incommon.org/cert/repository/
]\COMODOExtendedValidationSecureServerCA.txt
\[[PEM|">Text</a>]
InCommonServerCA[<a href="https://www.incommon.org/cert/repository/
COMODOExtendedValidationSecureServerCA.pem">PEM</a>]</span> <br><span style="margin-left: 9em; line-height: 150%">End-Entity Certificate</span>
- Intermediate CA Bundle for EV SSL/TLS Certificates
- Certification Practices Statement for EV SSL/TLS Certificates
- Certificate Profile for EV SSL/TLS Certificates
Certificate Revocation List:
HTML http://crl.comodoca.com
/COMODOExtendedValidationSecureServerCA.crl
Online Certificate Status Protocol:
HTML http://ocsp.comodoca.com
IGTF Server Certificates
InCommon offers IGTF server certificates for use by subscribers who are also active with the IGTF grid community. Note: Unless you are running a server as part of the IGTF grid (see the IGTF website) these certificates are NOT what you need. Request a normal InCommon server certificate instead.
The intermediate CA known as the InCommon IGTF Server CA was deployed on July 7, 2014.
- Certificate Chain:
- AddTrust External CA Root
- COMODO RSA Certification Authority [DER]
- InCommon IGTF Server CA [DER]\]
- End-Entity Certificate
- Certificate Revocation List: http://crl.incommon-igtf.org/InCommonIGTFServerCA.crl
- Online Certificate Status Protocol: http://ocsp.incommon-igtf.org
- Certification Practices Statement
- Certificate Profile
...
- for IGTF certificates
Anchor | ||||
---|---|---|---|---|
|
Client Certificates
SHA-2 Standard Assurance Client Certificates
The intermediate CA known as the InCommon RSA Standard Assurance Client CA was deployed on September 18, 2014.
- Certificate Chain:
HTML |
---|
<br><span style="margin-left: 3em; line-height: 150%">AddTrust External CA Root |
...
[<a href="https:// |
...
www. |
...
incommon.org/cert/repository/AddTrustExternalCARoot.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/AddTrustExternalCARoot.pem">PEM</a>]</span> <br><span style="margin-left: 5em; line-height: 150%">USERTrust RSA Certification Authority [<a href="https://www.incommon.org/cert/repository/USERTrustRSAClient_CA.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/USERTrustRSAClient_CA.pem">PEM</a>]</span> <br><span style="margin-left: 7em; line-height: 150%">InCommon RSA Standard Assurance Client CA [<a href="https://www.incommon.org/cert/repository/ |
...
InCommonRSAStandardAssuranceClientCA.txt |
...
">Text</a>] |
...
[<a href="https://www.incommon.org/cert/repository/ |
...
InCommonRSAStandardAssuranceClientCA.pem">PEM</a>]</span> <br><span style="margin-left: 9em; line-height: 150%">End-Entity Certificate</span> |
- Intermediate CA Bundle for Standard Client Certificates
- Certification Practices Statement for Standard Client Certificates
Certificate Revocation List:
HTML http://crl.incommon-rsa.org/InCommonRSAStandardAssuranceClientCA.crl
Online Certificate Status Protocol:
HTML http://ocsp.incommon-rsa.org
SHA-1 Standard Assurance Client Certificates (deprecated)
The intermediate CA known as the InCommon Standard Assurance Client CA was deployed on March 10, 2011.
Certificate Chain:
HTML <br><span style="margin-left: 3em; line-height: 150%"><a href="
]\]https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=
10410&nav=0,1
,22] \[[Text|">AddTrust External CA Root</a> [<a href="https://www.incommon.org/cert/repository/
COMODOAddTrustServerCAAddTrustExternalCARoot.txt
]\">Text</a>]
\[[PEM|[<a href="https://www.incommon.org/cert/repository/
COMODOAddTrustServerCAAddTrustExternalCARoot.pem
]\]">PEM</a>]</span> <br><span style="margin-left: 5em; line-height: 150%"><a href="https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=
103114&nav=0,1
,22] \[[Text|">UTN-USERFirst-Client Authentication and Email</a> [<a href="https://www.incommon.org/cert/repository/UTNAddTrustClient_CA.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/UTNAddTrustClient_CA.pem">PEM</a>]</span> <br><span style="margin-left: 7em; line-height: 150%">InCommon Standard Assurance Client CA [<a href="https://www.incommon.org/cert/repository/
COMODOExtendedValidationSecureServerCAInCommonStandardAssuranceClientCA.txt">Text</a>]
\][<a href="https://www.incommon.org/cert/repository/
COMODOExtendedValidationSecureServerCAInCommonStandardAssuranceClientCA.pem
]\]End-Entity Certificate">PEM</a>]</span> <br><span style="margin-left: 9em; line-height: 150%">End-Entity Certificate</span>
- Apache
- Bundlefor Standard Client Certificates
- Certification Practices Statement for Standard Client Certificates
- Certificate Profile for Standard Client Certificates
Certificate Revocation List:
HTML http://crl.
comodocaincommon.
comorg/
COMODOExtendedValidationSecureServerCAInCommonStandardAssuranceClientCA.crl
Online Certificate Status Protocol:
HTML http://ocsp.
comodocaincommon.
com- Certification Practices Statement
- Certificate Profile
Client Certificates
Standard Assurance Personal Certificates
org
Anchor | ||||
---|---|---|---|---|
|
Code-signing Certificates
The intermediate CA known as the InCommon RSA Code Signing CA (SHA-2) was deployed on September 19, 2014.
- Certificate Chain
- Please click here to see the cert chain: https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/992/108/incommon-code-signing-sha-2
- Certificate Chain
The intermediate CA known as the InCommon Code Signing CA (SHA-1) was deployed on June 30, 2011.
Certificate Chain:
HTML <br><span style="margin-left: 3em; line-height: 150%"><a href="
Certificate Chain: https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=10&nav=0,1
] \[[Text|">AddTrust External CA Root</a> [<a href="https://www.incommon.org/cert/repository/AddTrustExternalCARoot.txt">Text</a>]
\][<a href="https://www.incommon.org/cert/repository/AddTrustExternalCARoot.pem
]\]">PEM</a>]</span> <br><span style="margin-left: 5em; line-height: 150%"><a href="https://support.comodo.com/index.php?_m=downloads&_a=view&parentcategoryid=24&pcid=1&nav=0,1">UTN-USERFirst-Object</a> [<a href="https://www.incommon.org/cert/repository/
UTNAddTrustClient_CA.txt]\] \[[PEM|UTN-USERFirst-Object.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/
UTNAddTrustClient_CAUTN-USERFirst-Object.pem
]\]">PEM</a>]</span> <br><span style="margin-left: 7em; line-height: 150%">InCommon Code Signing CA [<a href="https://www.incommon.org/cert/repository/
InCommonStandardAssuranceClientCAInCommonCodeSigningCA.txt">Text</a>]
\][<a href="https://www.incommon.org/cert/repository/
InCommonStandardAssuranceClientCAInCommonCodeSigningCA.pem
]\]- End-Entity Certificate
">PEM</a>]</span> <br><span style="margin-left: 9em; line-height: 150%">End-Entity Certificate</span>
The following information is common to both the SHA-1 and SHA-2 InCommon intermediate CAs:
- Certification Practices Statement for Code-Signing Certificates
Certificate Revocation List:
HTML http://crl.incommon.org/
InCommonStandardAssuranceClientCAInCommonCodeSigningCA.crl
Online Certificate Status Protocol:
HTML http://ocsp.incommon.org
- Certification Practices Statement
- Certificate Profile
Bronze Assurance Personal Certificates
Not yet available
Silver Assurance Personal Certificates
Not yet available
Gold Assurance Personal Certificates
Not yet available
Code-signing Certificates
...