Client Certificates

Client certificates are used to ensure a secure and reliable communication channel between the communicating parties, as well as authentication, data integrity and confidentiality of the transferred information. Only with the use of a client certificate can an end-user be sure that his sensitive data cannot be intercepted, read or modified. These certificates are most frequently used in email correspondence, to confirm the identity of the parties exchanging messages and to encrypt the information being sent.

Digital client certificates can be issued by an authority that end-users and/or software manufacturers trust, i.e. by those whose certificates are embedded in the user applications through which users access servers or exchange information with each other. A typical example of certificate use is in email clients on end-user computers. Users digitally sign email messages with client certificates. In this way they guarantee that they personally sent the message and that it was not modified on its way to the other participant in the communication. The email client of the person who receives the signed message, e.g. Microsoft Outlook or Mozilla Thunderbird, must trust the user's digital certificate in order to recognize the digital signature and mark the message as correct and checked.

TCS Service of Issuing Digital Client Certificates

AMRES, in cooperation with the GÉANT organization, offers issuance of digital SSL/TLS certificates to AMRES users who have the right to use domains within the "ac.rs" domain. GÉANT has signed an agreement with the renowned certification body DigiCert, under which it has the right to offer European academic networks a service for issuing an unlimited number of digital SSL/TLS certificates. GÉANT offers this service under the name TCS (Trusted Certificate Service), and AMRES, as a member of GÉANT, has the right to access the service and offer it to its users.

GÉANT, in cooperation with the certification body DigiCert, formed an intermediate certification authority called TERENA SSL CA 3, which issues and signs all digital SSL/TLS certificates within the TCS service. The certificate of the intermediate certification authority TERENA SSL CA 3 is signed by the root certification authority DigiCert Assured ID Root CA, which is preinstalled in all well-known operating systems, email clients and web clients. This creates a chain of trust, i.e. a certification path that is recognized as secure and reliable by the majority of software and operating system manufacturers.

An administrator of an AMRES user can request digital certificates for end-users if the following preconditions have been met:

  • The AMRES user must have a registered "ac.rs" domain,
  • The AMRES user must be registered for the TCS service and must have created an administrator account on the central DigiCert portal,
  • The AMRES user must have successfully created an organization on the DigiCert portal and completed the organization validation and domain validation procedures.

If all preconditions have been met, administrators of AMRES users may request an unlimited number of client certificates (previously known as personal certificates) via the DigiCert portal for the needs of end-users.

The following types of digital client certificates are available within the TCS service: 

  • Client certificates for signing (Digital Signature Plus)
  • Client certificates for encryption (Email Security Plus)
  • Client email certificate for encryption and signing (Premium)

Administrators are advised to follow the guidelines given in the Instructions for Obtaining TCS Certificate via DigiCert portal (Serbian version only) when they want to obtain a certificate.