
Certificates

DeiC offers server certificates, personal certificates, code signing certificates, and eScience certificates.

DeiC offers different types of certificates for schools, research institutions, and affiliated organisations through the Trusted Certificate Service (TCS) agreement with GÉANT. GÉANT has partnered with HARICA, which now serves as the Certificate Authority (CA) under the TCS agreement. HARICA provides a range of certificates via their self-service portal.

Additionally, DeiC provides a free ACME-DNS service for research institutions, enabling secure and easy DNS-01 challenge validation with the Automatic Certificate Management Environment (ACME) protocol. This service is designed for institutions wishing to automate certificate renewals across their organisation and supports obtaining free wildcard certificates and certificates for internal servers from providers such as Let’s Encrypt.

Types of Certificates Offered by DeiC

Certificates via the GÉANT TCS Agreement

Through the TCS agreement, DeiC offers certificates via HARICA's self-service portal, including:

  • Server Domain Validated (DV) and Organisation Validated (OV) certificates
  • Personal certificates
  • Code-signing certificates
  • eScience certificates

Note: The agreement does not cover Extended Validation (EV) certificates. These can, however, be ordered directly from HARICA outside the TCS agreement.

Certificates via DeiC's ACME-DNS Service

The lifespan of certificates is expected to significantly decrease in the future. Both Google and Apple have issued proposals to reduce certificate lifespans to 90 days and, in the case of Apple, as short as 10 days by the end of 2027.

Given that Google and Apple dominate the browser market and both consider that neither Certificate Revocation Lists (CRL) nor the Online Certificate Status Protocol (OCSP) function effectively, it is likely that the validity period of TLS certificates will soon be drastically reduced.

This development prompts institutions to consider:

What is our automation strategy for managing all X.509 certificates used across our organisation?

The ACME protocol is the solution. However, obtaining wildcard certificates or certificates for internal servers requires DNS validation. DeiC's ACME-DNS service facilitates this process securely.

Rules for Certificate Issuance

  1. Certificates may not be used for commercial purposes and may be used solely by research and educational institutions.
  2. Institutions must sign a Trusted Certificate Service (TCS) Subscriber Agreement, reflecting the terms set by HARICA.
  3. Institutions must appoint one or more responsible individuals authorised to request certificates on their behalf.
  4. DeiC verifies the institution and assigns rights to administrators/users, who can then directly order server certificates.

Prices

Pricing for GÉANT TCS Certificates

HARICA became the supplier as of 1 January 2025. Pricing is under negotiation but is estimated to be comparable to previous levels.

Current prices:

  • OV Single Certificate: DKK 410
  • OV Wildcard Certificate: DKK 500
  • OV Multi-Domain Certificate: DKK 1,060
  • eScience (IGTF) Server Certificate: DKK 620
  • Code Signing Certificate:
    • 1 year: DKK 420
    • 2 years: DKK 520
    • 3 years: DKK 620
  • Personal Certificate: Free for up to 10 certificates; otherwise, DKK 100 per certificate.
  • Client eScience (IGTF) Certificate: Free

Pricing for DeiC’s ACME-DNS Service

The ACME-DNS service with DNS-01 challenge validation is free for all DeiC Research Network customers.

Users can choose any Certificate Authority (CA) supporting the ACME protocol, in combination with the ACME-DNS service for DNS validation. If using a free CA provider such as Let’s Encrypt, the certificates are also free.

DeiC can support specific implementations; our rate is DKK 950 per hour.

How to Obtain a Certificate through DeiC

Certificates via HARICA

You must use the HARICA Cert Manager, a self-service portal accessed using your institution’s login via the Academic Login option. Search for your institution and log in using WAYF.

Image: CERT Manager Login (Photo: DeiC)
Image: CERT Manager Search (Photo: DeiC)

The HARICA Cert Manager onboarding process is outlined here.

Image: CERT Manager Onboarding Process (Photo: DeiC)

PDF guides describing workflows for various roles in the onboarding process can be downloaded here:

HARICA support and guides can be found here on their website. API documentation is available here.

If you wish to test the service without incurring costs, you can use the HARICA staging service.

Certificates via ACME and DeiC's ACME-DNS service

Although HARICA supports the ACME protocol, DeiC currently recommends using one of the larger free services, such as Let’s Encrypt. For wildcard certificates or certificates for internal domains or servers not accessible via the internet, DeiC’s free ACME-DNS service can be used.

Technical details and instructions can be found on DeiC’s Codeberg page for ACME-DNS.

If you are interested in automating with the ACME protocol, you can get in touch (contact information below) and buy consulting assistance to get started.

Contact Information

If you have questions or require assistance, please contact scs-ra@deic.dk.

Revised
23 Jan 2025