Server Certificates

A server certificate certifies the identity of a server and enables secure, encrypted communication.

The DeiC certificate service provices schools and research and education institutions with server certificates. A server certificate ensures the identity of the server you are connected to. It also enables encryption. A server with a DeiC certificate is safe to visit.

Two service models for certificates

The DeiC certificate service offers server certificates from two vendors. Server certificates signed by GÉANT are delivered through a collaboration with GÉANT and Digicert. Other server certificates are supplied by Comodo.

GÉANT certificates from Digicert are delivered via a self-service portal mainly focused at universities and larger research institutions.

The Comodo certificates are handled by DeiC on behalf of the customer.

The technology behind DeiC certificates

If a server certificate is correctly installed, the user's browser registers it when entering the web site. According to the strength of the certificate the browser may react in two ways: It may show a pop-up window asking the user to trust the certificate. Or the browser may recognize the certificate based on its list of trusted certificate authorities. Then the user sees no pop-up. A DeiC certificate is of the latter variety.

  • Universities and larger research institutions may choose GÉANT server certificates from Digicert. The institution manages the certificates via a self-service user portal where one or more individuals take care of ordering and validation.
  • Schools and smaller institutions who only need a few certificates may buy certificates from Comodo through DeiC.

Both types of server certificates are available at an affordable price. Support and guidance is available regarding application, installation and renewal of certificates. The Forskningsnet certificates are based on the GÉANT SSL certificate from Digicert. The other certificates are based on the Comodo SSL certificate.

Both types may be valid one, two or three years. They may be used on all web servers supporting the x509 v3 standard. There are three types of certificates: Single certificates for a single domain, star certificates and multi-domain certificates (SAN certificates). Customers may choose between OV (Organization Validated) and EV (Extended Validation).

Rules for GÉANT certificates

Organisations applying for a GÉANT certificate must comply with the following requirements:

  1. GÉANT certificate are for institutions within research and education.
  2. The institution must sign a Trusted Certificate Service (TCS) Subscriber Agreement covering the requirements set by GÉANT and Digicert.
  3. The institution must appoint one or more people responsible for ordering certificates on behalf of the institution.
  4. DeiC creates the appropriate administrator/user accounts needed for subsequent ordering of server certificates.

Rules for Comodo certificates

Organisations applying for a Comodo certificate must comply with the following requirements:

  1. DeiC certificate are for institutions within research and education.
  2. The institution must own the domain name.
  3. The ordering party must be appointed by the management of the institution. A document confirming the appointment must be sent to scs-ra@deic.dk
  4. The technical contact who orders the certificate must have a digital signature. Danish citizens may order a personal digital signature for free at https://www.nemid.nu/dk-da/digital_signatur/. A NemID employee certificate is also acceptable.

Ordering a DeiC Comodo certificate

If the criterias mentioned above are met, this is how to order a certificate: 

  1. The management of the institution must fill out the form below. In the form, the management is authorising a person to be technically responsible for the further processing. The form should be sent by e-mail to DeiC (scs-ra@deic.dk).
    Get authorization form (in Danish)
  2. The technical responsible person now has to prepare the webservers for the certificate. You can find a manual on the Comodo website.
  3. The technically responsible person has to produce a CSR file  ("Certificate Signing Request" file) for each domain on the webserver. You can find a guide here on the Comodo support pages
    Remember to save the private key to a safe place. Without the private key it is not possible to install the certificate and you must order a new one.
  4. Each CSR file should be attached to a digitally signed mail to scs-ra@deic.dk.
    It is important that the e-mail address of the technically responsible person is the same as the one in the digital signature of the person. 
  5. Once the first order has been processed, the technically responsible person may order new certificates by sending a digitally signed mail to scs-ra@deic.dk. It is not necessary to fill in the form again. The relevant CSR file should be attached to the e-mail.
  6. DeiC validates the information about ownership of each domain and the validity of the digital signature. 
  7. DeiC sends the certificate to the technically responsible person. 
  8. The technically responsible person implements the certificate.

Installing theDeIC certificate

The way the certificate should be installed depends on the server type. You can read more about how to correctly install it on the Comodo support pages.

Pricing DeiC OV server certificates via GÉANT and Digicert
  • Single certificate: DKK 650
  • Star certificate: DKK 800
  • Multidomain certificate: DKK 1,700

VAT should be added to all prices.

 

 

Revised
30 Nov 2021