Versions Compared

Old Version 1

changes.mady.by.user trscavo@internet2.edu

Saved on

compared with

New Version Current

changes.mady.by.user Paul Caskey (internet2.edu)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Tip
titleInCommon Certificate Service SSO and MFA Available

The use of single sign-on and multifactor authentication for accessing the Comodo Certificate Manager is available to any subscriber that also operates an Identity Provider in the InCommon Federation. See this wiki page for details.

InCommon Certificate Types

This page includes links to technical documents and service endpoints for each of the certificate types issued by the InCommon Certificate Service.

Contents:

Table of Contents

Anchor
ssl-certs
ssl-certs

SSL/TLS Certificates

SHA-2 Server Certificates

The intermediate CA known as the "InCommon RSA Server CA 2", which uses the SHA-2 hash algorithm, was deployed on November 1, 2023.

  • Certificate Chain:
    • AAA Certificate Services  [PEM]
    • USERTrust RSA Certification Authority [PEM]
    • InCommon RSA Server CA 2 [PEM]
    • End-Entity Certificate
  • Certification Practices Statement for OV SSL/TLS Certificates

  • Certificate Revocation List:


    HTML
     http://crl.sectigo.com/InCommonRSAServerCA2.crl


  • Online Certificate Status Protocol:


    HTML
     http://ocsp.sectigo.com



Tip

To test the freshness of the CRL, type the following command:

$ curl -s http://crl.sectigo.com/InCommonServerCA2.crl | openssl crl -inform DER -noout -lastupdate -nextupdate

Anchor
ev-certs
ev-certs

Extended Validation SSL/TLS Certificates

Extended Validation (EV) SSL/TLS Certificates became available on March 10, 2011.

  • Certificate Chain:

    HTML
    <br><span style="margin-left: 3em; line-height: 150%">AAA Certificate Services [<a href="https://spaces.at.internet2.edu/download/attachments/24576265/AAA%20Certificate%20Services.pem?api=v2">PEM</a>]</span>

<br><span style="margin-left: 5em; line-height: 150%">USERTrust RSA Certification Authority [<a href="https://spaces.at.internet2.edu/download/attachments/24576265/USERTrust%20RSA%20Certification%20Authority.pem?api=v2">PEM</a>]</span>

<br><span style="margin-left: 7em; line-height: 150%">Sectigo RSA Extended Validation Secure Server CA [<a href="https://spaces.at.internet2.edu/download/attachments/24576265/Sectigo%20RSA%20Extended%20Validation%20Secure%20Server%20CA.pem?api=v2">PEM</a>]</span>

<br><span style="margin-left: 9em; line-height: 150%">End-Entity Certificate</span>


  • Intermediate CA Bundle for EV SSL/TLS Certificates
  • Certification Practices Statement for EV SSL/TLS Certificates
  • Certificate Profile for EV SSL/TLS Certificates

  • Certificate Revocation List:

    HTML
    http://crl.sectigo.com/SectigoRSAExtendedValidationSecureServerCA.crl


  • Online Certificate Status Protocol:

    HTML
    http://ocsp.sectigo.com


IGTF Server Certificates

InCommon offers IGTF server certificates for use by subscribers who are also active with the IGTF grid community. Note: Unless you are running a server as part of the IGTF grid (see the IGTF website) these certificates are NOT what you need. Request a normal InCommon server certificate instead.

The intermediate CA known as the InCommon RSA IGTF Server CA 3 was deployed on July 17, 2023.

  • Certificate Chain:
    • AAA Certificate Services (root) [PEM]
    • USERTrust RSA Certification Authority [PEM]
    • InCommon RSA IGTF Server CA 3 [PEM]
    • End-Entity Certificate

Anchor
client-certs
client-certs

Client Certificates

SHA-2 Standard Assurance Client Certificates

The intermediate CA known as the InCommon RSA Standard Assurance Client CA was deployed on September 18, 2014.

    • Certificate Chain:
HTML
<br><span style="margin-left: 3em; line-height: 150%">AAA Certificate Services [<a href="https://spaces.at.internet2.edu/download/attachments/24576265/AAA%20Certificate%20Services.pem?api=v2">PEM</a>]</span>

<br><span style="margin-left: 5em; line-height: 150%">USERTrust RSA Certification Authority [<a href="

InCommon Certificate Types

Server Certificates

Domain Validation SSL/TLS Certificates

  • Certificate Chain:
    • Wiki Markup
      [AddTrust External CA Root|https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=10&nav=0,1] \[[Text|https://www.incommon.org/cert/repository/AddTrustExternalCARoot.txt]\] \[[PEM|https://www.incommon.org/cert/repository/AddTrustExternalCARoot.pem]\]
      • Wiki Markup
        InCommon Server CA \[[Text|https://www.incommon.org/cert/repository/InCommonServerCA.txt]\] \[[PEM|https://www.incommon.org/cert/repository/InCommonServerCA.pem]\]
        • End-Entity Certificate

Extended Validation SSL/TLS Certificates

...

Wiki Markup
[AddTrust External CA Root|https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=10&nav=0,1] \[[Text|https://www.incommon.org/cert/repository/AddTrustExternalCARoot.txt]\] \[[PEM|https://www.incommon.org/cert/repository/AddTrustExternalCARoot.pem]\]

...

https://www.incommon.org/cert/repository/

...

USERTrustRSAClient_CA.txt">Text</a>]

...

...

[<a href="https://www.incommon.org/cert/repository/

...

USERTrustRSAClient_CA.pem">PEM</a>]</span>

<br><span style="margin-left: 7em; line-height: 150%">InCommon RSA Standard Assurance Client CA 2 [<a href="https://spaces.at.internet2.edu/download/attachments/24576265/InCommon%20RSA%20Standard%20Assurance%20Client%20CA%202.pem?api=v2">PEM</a>]</span>

<br><span style="margin-left: 9em; line-height: 150%">End-Entity Certificate</span>
    • ]\]
    • Wiki Markup
      [COMODO Extended Validation Secure Server CA|https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=103&nav=0,1,22] \[[Text|https://www.incommon.org/cert/repository/COMODOExtendedValidationSecureServerCA.txt]\] \[[PEM|https://www.incommon.org/cert/repository/COMODOExtendedValidationSecureServerCA.pem]\]
      • End-Entity Certificate
    Intermediate CA Apache Bundle

    • Certificate Revocation List:

      HTML
      http://crl.
    • comodoca.com/COMODOExtendedValidationSecureServerCA
    • incommon-rsa.org/InCommonRSAStandardAssuranceClientCA.crl


    • Online Certificate Status Protocol:

      HTML
      http://ocsp.
    • comodoca.com
  • Certification Practices Statement
  • Certificate Profile

Client Certificates

Standard Assurance Personal Certificates

    • incommon-rsa.org


Anchor
code-signing-certs
code-signing-certs

Code-signing Certificates

The intermediate CA known as the InCommon RSA Code Signing CA (SHA-2) was deployed on September 19, 2014.

    Certificate Chain: Wiki Markup[AddTrust External CA Root|
    • Certificate Chain
      • Please click here to see the cert chain:
    • _m=downloads&_a=viewdownload&downloaditemid=10&nav=0,1] \[[Text|https://www.incommon.org/cert/repository/AddTrustExternalCARoot.txt]\] \[[PEM|https://www.incommon.org/cert/repository/AddTrustExternalCARoot.pem]\]
    • Wiki Markup
      UTN-USERFirst-Client Authentication and Email \[[Text|https://www.incommon.org/cert/repository/UTNAddTrustClient_CA.txt]\] \[[PEM|https://www.incommon.org/cert/repository/UTNAddTrustClient_CA.pem]\]
      • Wiki Markup
        InCommon Standard Assurance Client CA \[[Text|https://www.incommon.org/cert/repository/InCommonStandardAssuranceClientCA.txt]\] \[[PEM|https://www.incommon.org/cert/repository/InCommonStandardAssuranceClientCA.pem]\]
        • End-Entity Certificate
    Intermediate CA Apache Bundle


The intermediate CA known as the InCommon Code Signing CA (SHA-1) was deployed on June 30, 2011.

    • Certificate Chain:

      HTML
      <br><span style="margin-left: 3em; line-height: 150%">AAA Certificate Services [<a href="https://spaces.at.internet2.edu/download/attachments/24576265/AAA%20Certificate%20Services.pem?api=v2">PEM</a>]</span>

<br><span style="margin-left: 5em; line-height: 150%">Sectigo Public Code Signing Root R46  [<a href="https://spaces.at.internet2.edu/download/attachments/24576265/Sectigo%20Public%20Code%20Signing%20Root%20R46.pem?api=v2">PEM</a>]</span>

<br><span style="margin-left: 7em; line-height: 150%">Sectigo Public Code Signing CA R36 [<a href="https://spaces.at.internet2.edu/download/attachments/24576265/Sectigo%20Public%20Code%20Signing%20CA%20R36.pem?api=v2">PEM</a>]</span>

<br><span style="margin-left: 9em; line-height: 150%">End-Entity Certificate</span>


The following information is common to both the SHA-1 and SHA-2 InCommon intermediate CAs:

Bronze Assurance Personal Certificates

Not yet available

Silver Assurance Personal Certificates

Not yet available

Gold Assurance Personal Certificates

Not yet available

Code-signing Certificates

...

    • sectigo.com