Digital certificates are used to establish secure communication channels on the Internet. When accessing a server (web-server, email server, etc.), downloading information, accessing or exchanging sensitive data or t (i.e. user credentials), end-users must be sure that they are absolutely secure. It means that they have accessed the right server and that the communication with the server is secure, i.e. encrypted and that nobody can intercept, read or change data. Use of SSL/TLS technology ensures required security, but it also requires that the parties in communication have appropriate digital certificates. The following are currently used in Internet communication:
- Digital server certificates –provided for web, email, RADIUS and similar servers, used as server identification in order to establish reliable connection between the end-user and the server or mutual trust between the servers.
- Digital client certificates – intended for end-users, used as identification of end-users in order to establish reliable connection between the end-user and the service or typically between two users in email communication.
TCS Services of Issuing Digital SSL/TLS Certificates
AMRES, in cooperation with GÉANT organization, offers the service of issuing digital SSL/TLS certificates to AMRES users who have the right to use domains within "ac.rs" domain. GÉANT organization has agreement signed with the renowned certification company DigiCert which provides it with the right to offer the service of issuing unlimited number of digital SSL/TLS certificates to European academic networks. GÉANT offers this service under the name TCS (Trusted Certificate Service), and AMRES as the member of GÉANT organization has the right to access and toffer the service to its users.
GÉANT, in cooperation with certification company DigiCert, established intermediate certification authority called TERENA SSL CA 3 which issues and signs all digital SSL/TLS certificates within the TCS service. Certificate of intermediate certification authority TERENA SSL CA 3 is signed by root certification authority DigiCert Assured ID Root CA which is preinstalled in all well-known operating systems, email and web clients . This enables creation of the chain of trust, i.e. certification path which is recognized as secure and reliable by majority of software and operating system manufacturers.
Within the TCS service, AMRES users may obtain the following types of digital certificates:
- Server certificates for single domain name with validation of organization (SSL plus)
- Server certificates for multiple domain names with validation of organization (Multi-Domain SSL)
- Server certificate for all sub-domain names of one domain with validation of organization (Wildcard Plus)
- Server certificate for single domain name with extended validation (EV SSL Plus)
- Server certificate for multiple domain names with extended validation (EV Multi-Domain)
- Client certificate for signing (Digital Signature Plus)
- Client certificate for encryption (Email Security Plus)
- Client email certificate for encryption and signing (Premium)
- Certificate of organization for signing Adobe documents (Document Signing – Organization 2000/5000)
- Certificate for signing programme code (Code signing)
- Certificate for signing programme code with extended validation (EV Code signing)
- Grid certificates (Host/Client/Robot Grid)
If AMRES user wants to use the TCS service, it is necessary to register to TCS service.
AMRES users registered to TCS service can issue digital SSL/TLS certificates via central DigiCert portal.
In order to get opportunity to obtain digital SSL/TLS certificates, AMRES users registered to TCS service must previously undergo the procedure of domain and organization validation.
After successful registration, validation of organization and validation of domain, TCS service users may obtain required digital SSL/TLS certificates quickly and easily in the way described in guidelines for providing certificate (Serbian version only).