Versions Compared

Old Version 54

changes.mady.by.user Paul Caskey (internet2.edu)

Saved on

compared with

New Version 58

changes.mady.by.user Paul Caskey (internet2.edu)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Tip
titleInCommon Certificate Service SSO and MFA Available

The use of single sign-on and multifactor authentication for accessing the Comodo Certificate Manager is available to any subscriber that also operates an Identity Provider in the InCommon Federation. See this wiki page for details.

InCommon Certificate Types

This page includes links to technical documents and service endpoints for each of the certificate types issued by the InCommon Certificate Service.

...

  • Certificate Chain (Comodo's version of the chain):
    • USERTrust Secure [DER]
    • InCommon RSA Server CA [DER] [PEM]
    • End-Entity Certificate Certificate
    Revocation List:
    HTML
    http://crl.incommon-rsa.org/InCommonRSAServerCA.crl

    Online Certificate Status Protocol:

    html
    http://ocsp.incommon.org

...

Organizational Validation SSL/TLS Certificates

The intermediate CA known as the InCommon Server CA was deployed on February 1, 2011. Prior to that date, Organizational Validation (OV) SSL/TLS end-entity certificates were signed by the COMODO High Assurance Secure Server CA.

  • Certificate Chain:

    HTML
    <br><span style="margin-left: 3em; line-height: 150%"><a href="https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=10&nav=0,1">AddTrust External CA Root</a> [<a href="https://www.incommon.org/cert/repository/AddTrustExternalCARoot.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/AddTrustExternalCARoot.pem">PEM</a>]</span>

<br><span style="margin-left: 5em; line-height: 150%">InCommon Server CA [<a href="https://www.incommon.org/cert/repository/InCommonServerCA.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/InCommonServerCA.pem">PEM</a>]</span>

<br><span style="margin-left: 7em; line-height: 150%">End-Entity Certificate</span>
  • Intermediate CA Bundle for OV SSL/TLS Certificates
  • Certification Practices Statement for OV SSL/TLS CertificatesCertificate Profile for OV SSL/TLS Certificates

  • Certificate Revocation List:

    HTML
    http://crl.incommon-rsa.org/InCommonServerCAInCommonRSAServerCA.crl


  • Online Certificate Status Protocol:

    HTML
    http://ocsp.incommon-rsa.org



Tip

To test the freshness of the CRL, type the following command:

$ curl -s http://crl.incommon.org/InCommonServerCA.crl | openssl crl -inform DER -noout -lastupdate -nextupdate

...

Anchor
client-certs
client-certs

...