Certificates

Scientific and educational institutions may purchase server and personal certificates from an external provider through DeiC at a discount. DeiC also offers assistance with the installation and renewal of certificates from both commercial providers and Let's Encrypt.

Types of Certificates Facilitated by DeiC and Their Purpose

The lifespan of certificates and Domain Control Validation will by significantly decrease by 2029. This was unanimously decided in ballot SC-081v3 in April 2025, by the "Certification Authority Browser Forum" and will affect all PKI TLS-certficates.

  • Maximum lifetime of certificates will 47 days and only 10 days for DCV reuse from March 15, 2029

This development prompts institutions to consider:

> Do we have an automation strategy for *all* PKI TLS certificates across *our entire organisation*?

The answer will often involve using ACME, which simplifies the acquisition of certificates.

Obtaining **wildcard certificates** or certificates for **internal** servers, however, requires DNS validation in ACME, which is more complex. To simplify and secure this process, DeiC offers a free ACME-DNS service available to institutions connected to the Research Network (Forskningsnettet).

Certificates via GÉANT

Through GÉANT and its Trusted Certificate Service (TCS), DeiC provides certificates to the research and education sector, issued by a commercial provider. GÉANT has partnered with HARICA as the Certificate Authority (CA). HARICA delivers certificates via their self-service portal, offering the following types of certificates:

  • Domain-Validated (DV) and Organisation-Validated (OV) server certificates
  • Code-signing certificates
  • Email certificates
  • Personal certificates
  • IGTF OV Server Certificates

Read more about the agreement with HARICA in GÉANT's TCS Wiki.

***Note**: The agreement does not cover Extended Validation (EV) certificates, which can, however, be ordered directly from HARICA outside of the GÉANT/TCS framework.*

Rules for TCS Certificates

  1. Certificates may only be used by research and educational institutions, not for commercial purposes.
  2. The institution must sign a Trusted Certificate Service (TCS) Subscriber Agreement, reflecting the terms set by HARICA.
  3. The institution must appoint one or more responsible individuals authorised to order certificates on its behalf.
  4. DeiC will verify the institution and grant rights to designated administrators/users, who can then independently order server certificates.

Certificates via Let's Encrypt

Let's Encrypt is a free and open Certificate Authority (CA) operated by the non-profit Internet Security Research Group (ISRG). Its certificates are trusted by all major browsers and have gained widespread popularity. Numerous tools now exist to simplify the automation of standard server certificate issuance and renewal for individual public web servers.

For institutions using or wishing to use Let's Encrypt's free certificates, DeiC offers consultancy services to assist with setup and automation of renewals.

Certificates via DeiC’s ACME-DNS Service

DeiC offers a service to streamline and secure the DNS-01 Challenge using the Automatic Certificate Management Environment (ACME) protocol. The service can be used with any CA that supports ACME, such as Let's Encrypt. It is particularly intended for institutions looking to automate certificate issuance and renewal across their organisation, including **wildcard certificates** and certificates for **internal networks**.

Pricing

GÉANT TCS Certificates

HARICA became the provider as of 1 January 2025.

Current prices:

  • OV Single Certificate: DKK 410
  • OV Wildcard Certificate: DKK 500
  • OV Multi-Domain Certificate: DKK 1,060
  • Code-Signing Certificate:
    • 1 year: DKK 420
    • 2 years: DKK 520
    • 3 years: DKK 620
  • Personal Certificate: Free for the first 10, then DKK 100 per certificate.

We are working on a "Ad libitum" model, which will be finalized in Q4 2025, where prices probably will be:

  • 0-30: Samme priser som i dag
  • 31-60: 10.000 kr/år
  • 61-150: 20.000 kr/år
  • 151-300: 50.000 kr/år
  • 301- :100.000 kr/år

DeiC’s ACME-DNS Service

The ACME-DNS service, using DNS-01 Challenge validation, is free for all institutions on the Research Network.

Institutions may choose any CA that supports the ACME protocol for DNS validation. When using a free CA, such as Let's Encrypt, the certificates are also free. But ACME-DNS can also be used with HARICA's ACME implementation.

DeiC offers consultancy services for implementation at a rate of DKK 950 per hour.

How to Obtain a Certificate via DeiC

Certificates via HARICA

Log in to the HARICA Certificate Manager self-service portal through your institution by selecting `Academic Login`. Locate your institution and log in via WAYF.

CERT Manager Login
Foto: DeiC
CERT Manager Search
Foto: DeiC

**The HARICA Cert Manager onboarding process is outlined here.**

CERT Manager Onboarding Process
Foto: DeiC

You can download PDFs outlining workflows for the various roles in the onboarding process here:

Guides and support from HARICA are available here, while API documentation is accessible here.

GÉANT maintains a FAQ which contains information on how to support ACME with HARICA.

If you wish to test the service without incurring costs, you can use the HARICA Staging Service.

Certificates via ACME and DeiC’s ACME-DNS Service

Technical documentation is available on Codeberg.

DeiC provides support and assistance with initial setup.

Contact Information

For questions or assistance, contact scs-ra@deic.dk.

Revised
28 Oct 2025

Related news and events

Kvantecomputer hvid baggrund
Foto: Colourbox
19 Feb 2024
DeiC participates in a European project on quantum communication
Broad Danish involvement collaborates to establish a quantum network between Lyngby, Copenhagen, and Odense over the next 2.5 years.
view
LUMI Søvnforskning
Foto: Kaare Mikkelsen
09 Jun 2023
Big Sleep Data: LUMI Supercomputer Trains Neural Networks for Sleep Research
Two graduate students at Aarhus University in Denmark have contributed to international research by developing tools for training neural networks on LUMI.
view
Amberscript webinar
DeiC will host a webinar on the new text-to-speech service called Amberscript.
view
Wayf
Grafik: DeiC
12 Apr 2021
The University of Reykjavík is now part of WAYF
With the University of Reykjavík, WAYF has now admitted its second Icelandic member. This continues the trend of recent years with growing adherence to WAYF among research and educational institutions throughout the North Atlantic area.
view
Videoundervisning
Grafik: Colourbox.
29 Mar 2021
Is digital education and homeworking here to stay?
In March 2020, many were thrown into online meetings and teaching from one day to the other. But what has it really taught us, and how can we use it when Corona is no longer dominating? Helle Rootzen, who is an expert in learning and digitalisation, gives her opinion on this.
view
Cloud
Grafik: DeiC
15 Mar 2021
Infrastructure-as-a-Service vendors have now been appointed
The tender process at GÉANT for the so-called Open Clouds for Research and Education contracts has now been completed. Hundreds of contracts have been concluded in many European countries.
view