spaces.internet2.edu has been upgraded to Confluence 5.10.6. Please check it out. Send questions to confluencesupport@internet2.edu
Skip to end of metadata
Go to start of metadata
  • InCommon Certificate Types

This page includes links to technical documents and service endpoints for each of the certificate types issued by the InCommon Certificate Service.

Contents:

SSL/TLS Certificates

SHA-2 Server Certificates

The intermediate CA known as the InCommon RSA Server CA, which uses the SHA-2 hash algorithm, was deployed on September 22, 2014.

  • Certificate Chain:
    • AddTrust External CA Root
    • USERTrust RSA Certification Authority [DER]
    • InCommon RSA Server CA [DER]
    • End-Entity Certificate
  • Certificate Revocation List:

    http://crl.incommon-rsa.org/InCommonRSAServerCA.crl

  • Online Certificate Status Protocol:

    http://ocsp.incommon.org

Organizational Validation SSL/TLS Certificates

The intermediate CA known as the InCommon Server CA was deployed on February 1, 2011. Prior to that date, Organizational Validation (OV) SSL/TLS end-entity certificates were signed by the COMODO High Assurance Secure Server CA.

  • Intermediate CA Bundle for OV SSL/TLS Certificates
  • Certification Practices Statement for OV SSL/TLS Certificates
  • Certificate Profile for OV SSL/TLS Certificates
  • Certificate Revocation List:

    http://crl.incommon.org/InCommonServerCA.crl

  • Online Certificate Status Protocol:

    http://ocsp.incommon.org

To test the freshness of the CRL, type the following command:

$ curl -s http://crl.incommon.org/InCommonServerCA.crl | openssl crl -inform DER -noout -lastupdate -nextupdate

Extended Validation SSL/TLS Certificates

Extended Validation (EV) SSL/TLS Certificates became available on March 10, 2011.

  • Intermediate CA Bundle for EV SSL/TLS Certificates
  • Certification Practices Statement for EV SSL/TLS Certificates
  • Certificate Profile for EV SSL/TLS Certificates
  • Certificate Revocation List:

    http://crl.comodoca.com

    /COMODOExtendedValidationSecureServerCA.crl

  • Online Certificate Status Protocol:

    http://ocsp.comodoca.com

IGTF Server Certificates

The intermediate CA known as the InCommon IGTF Server CA was deployed on July 7, 2014.

  • Certificate Chain:
    • AddTrust External CA Root
    • COMODO RSA Certification Authority [DER]
    • InCommon IGTF Server CA [DER]
    • End-Entity Certificate

Client Certificates

SHA-2 Standard Assurance Client Certificates

The intermediate CA known as the InCommon RSA Standard Assurance Client CA was deployed on September 18, 2014.

    • Certificate Chain:

AddTrust External CA Root [Text] [PEM]
USERTrust RSA Certification Authority [Text] [PEM]
InCommon RSA Standard Assurance Client CA [Text] [PEM]
End-Entity Certificate
    • Intermediate CA Bundle for Standard Client Certificates
    • Certification Practices Statement for Standard Client Certificates
    • Certificate Revocation List:

      http://crl.incommon-rsa.org/InCommonRSAStandardAssuranceClientCA.crl
    • Online Certificate Status Protocol:

      http://ocsp.incommon-rsa.org


SHA-1 Standard Assurance Client Certificates (deprecated)

The intermediate CA known as the InCommon Standard Assurance Client CA was deployed on March 10, 2011.

    • Intermediate CA Bundle for Standard Client Certificates
    • Certification Practices Statement for Standard Client Certificates
    • Certificate Profile for Standard Client Certificates
    • Certificate Revocation List:

      http://crl.incommon.org/InCommonStandardAssuranceClientCA.crl

    • Online Certificate Status Protocol:

      http://ocsp.incommon.org

Code-signing Certificates

The intermediate CA known as the InCommon RSA Code Signing CA (SHA-2) was deployed on September 19, 2014.

 

The intermediate CA known as the InCommon Code Signing CA (SHA-1) was deployed on June 30, 2011.

The following information is common to both the SHA-1 and SHA-2 InCommon intermediate CAs:

    • Certification Practices Statement for Code-Signing Certificates
    • Certificate Revocation List:

      http://crl.incommon.org/InCommonCodeSigningCA.crl

    • Online Certificate Status Protocol:

      http://ocsp.incommon.org

 

  • No labels