Internet2 is investigating a security incident involving a compromise to a confluence server that affected https://spaces.at.internet2.edu on April 10, 2019, which was successfully mitigated on April 12, 2019. If you did not receive an email from us, it’s unlikely that any of the content you submitted to the Internet2 Spaces Wiki needs to be re-entered. We apologize for any inconvenience this may have caused. Should you have any questions or require further assistance, please email collaboration-support@internet2.edu.
Page tree
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 55 Current »

InCommon Certificate Service SSO and MFA Available

The use of single sign-on and multifactor authentication for accessing the Comodo Certificate Manager is available to any subscriber that also operates an Identity Provider in the InCommon Federation. See this wiki page for details.

InCommon Certificate Types

This page includes links to technical documents and service endpoints for each of the certificate types issued by the InCommon Certificate Service.

Contents:

SSL/TLS Certificates

SHA-2 Server Certificates

The intermediate CA known as the InCommon RSA Server CA, which uses the SHA-2 hash algorithm, was deployed on September 22, 2014.

  • Certificate Revocation List:http://crl.incommon-rsa.org/InCommonRSAServerCA.crl

  • Online Certificate Status Protocol:http://ocsp.incommon.org

Organizational Validation SSL/TLS Certificates

The intermediate CA known as the InCommon Server CA was deployed on February 1, 2011. Prior to that date, Organizational Validation (OV) SSL/TLS end-entity certificates were signed by the COMODO High Assurance Secure Server CA.

  • Intermediate CA Bundle for OV SSL/TLS Certificates
  • Certification Practices Statement for OV SSL/TLS Certificates
  • Certificate Profile for OV SSL/TLS Certificates
  • Certificate Revocation List:http://crl.incommon.org/InCommonServerCA.crl

  • Online Certificate Status Protocol:http://ocsp.incommon.org

To test the freshness of the CRL, type the following command:

$ curl -s http://crl.incommon.org/InCommonServerCA.crl | openssl crl -inform DER -noout -lastupdate -nextupdate

Extended Validation SSL/TLS Certificates

Extended Validation (EV) SSL/TLS Certificates became available on March 10, 2011.

  • Intermediate CA Bundle for EV SSL/TLS Certificates
  • Certification Practices Statement for EV SSL/TLS Certificates
  • Certificate Profile for EV SSL/TLS Certificates
  • Certificate Revocation List:http://crl.comodoca.com/COMODOExtendedValidationSecureServerCA.crl

  • Online Certificate Status Protocol:http://ocsp.comodoca.com

IGTF Server Certificates

The intermediate CA known as the InCommon IGTF Server CA was deployed on July 7, 2014.

  • Certificate Chain:
    • AddTrust External CA Root
    • COMODO RSA Certification Authority [DER]
    • InCommon IGTF Server CA [DER]
    • End-Entity Certificate

Client Certificates

SHA-2 Standard Assurance Client Certificates

The intermediate CA known as the InCommon RSA Standard Assurance Client CA was deployed on September 18, 2014.

    • Certificate Chain:

AddTrust External CA Root [Text] [PEM]
USERTrust RSA Certification Authority [Text] [PEM]
InCommon RSA Standard Assurance Client CA [Text] [PEM]
End-Entity Certificate
    • Intermediate CA Bundle for Standard Client Certificates
    • Certification Practices Statement for Standard Client Certificates
    • Certificate Revocation List:

      http://crl.incommon-rsa.org/InCommonRSAStandardAssuranceClientCA.crl
    • Online Certificate Status Protocol:

      http://ocsp.incommon-rsa.org


SHA-1 Standard Assurance Client Certificates (deprecated)

The intermediate CA known as the InCommon Standard Assurance Client CA was deployed on March 10, 2011.

    • Intermediate CA Bundle for Standard Client Certificates
    • Certification Practices Statement for Standard Client Certificates
    • Certificate Profile for Standard Client Certificates
    • Certificate Revocation List:http://crl.incommon.org/InCommonStandardAssuranceClientCA.crl

    • Online Certificate Status Protocol:http://ocsp.incommon.org

Code-signing Certificates

The intermediate CA known as the InCommon RSA Code Signing CA (SHA-2) was deployed on September 19, 2014.


The intermediate CA known as the InCommon Code Signing CA (SHA-1) was deployed on June 30, 2011.

The following information is common to both the SHA-1 and SHA-2 InCommon intermediate CAs:

    • Certification Practices Statement for Code-Signing Certificates
    • Certificate Revocation List:http://crl.incommon.org/InCommonCodeSigningCA.crl

    • Online Certificate Status Protocol:http://ocsp.incommon.org


  • No labels