Versions Compared

Old Version 1

changes.mady.by.user trscavo@internet2.edu

Saved on

compared with

New Version 54

changes.mady.by.user Paul Caskey (internet2.edu)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

InCommon Certificate Types

This page includes links to technical documents and service endpoints for each of the certificate types issued by the InCommon Certificate Service.

Contents:

Table of Contents

Anchor
ssl-certs
ssl-certs

SSL/TLS Certificates

SHA-2 Server Certificates

...

The intermediate CA known as the InCommon RSA Server CA, which uses the SHA-2 hash algorithm, was deployed on September 22, 2014.

  • Certificate Revocation List:

    HTML
    http://crl.incommon-rsa.org/InCommonRSAServerCA.crl

  • Online Certificate Status Protocol:

    HTML
    http://ocsp.incommon.org

Anchor
ov-certs
ov-certs

Organizational Validation SSL/TLS Certificates

The intermediate CA known as the InCommon Server CA was deployed on February 1, 2011. Prior to that date, Organizational Validation (OV) SSL/TLS end-entity certificates were signed by the COMODO High Assurance Secure Server CA.

  • Certificate Chain:

    Wiki Markup[AddTrust External CA Root

    HTML
    <br><span style="margin-left: 3em; line-height: 150%"><a href="
    |
    https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=10&nav=0,1
    ] \[[Text|
    ">AddTrust External CA Root</a> [<a href="https://www.incommon.org/cert/repository/AddTrustExternalCARoot.txt">Text</a>]
    \]
    \[[PEM|
    [<a href="https://www.incommon.org/cert/repository/AddTrustExternalCARoot.pem
    ]\] Wiki MarkupInCommon
    ">PEM</a>]</span>

<br><span style="margin-left: 5em; line-height: 150%">InCommon Server CA
    \[[Text|
    [<a href="https://www.incommon.org/cert/repository/InCommonServerCA.txt">Text</a>]
    \]
    \[[PEM|
    [<a href="https://www.incommon.org/cert/repository/InCommonServerCA.pem
    ]\]End-Entity Certificate
    ">PEM</a>]</span>

<br><span style="margin-left: 7em; line-height: 150%">End-Entity Certificate</span>

...

  • :

    HTML
    http://ocsp.incommon.org
Tip

To test the freshness of the CRL, type the following command:

$ curl -s http://crl.incommon.org/InCommonServerCA.crl | openssl crl -inform DER -noout -lastupdate -nextupdate

Anchor
ev-certs
ev-certs

Extended Validation SSL/TLS Certificates

Extended Validation (EV) SSL/TLS Certificates became available on March 10, 2011.

  • Certificate Chain:

    Wiki Markup[AddTrust External CA Root|
    HTML
    <br><span style="margin-left: 3em; line-height: 150%"><a href="https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=10&nav=0,1
    ] \[[Text|
    ">AddTrust External CA Root</a> [<a href="https://www.incommon.org/cert/repository/AddTrustExternalCARoot.txt
    ]\
    ">Text</a>]
    \[[PEM|
    [<a href="https://www.incommon.org/cert/repository/AddTrustExternalCARoot.pem
    ]\] Wiki Markup[COMODO Certification Authority|
    ">PEM</a>]</span>

<br><span style="margin-left: 5em; line-height: 150%"><a href="https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=104&nav=0,1,22
    ] \[[Text|
    ">COMODO Certification Authority</a> [<a href="https://www.incommon.org/cert/repository/COMODOAddTrustServerCA.txt">Text</a>]
    \]
    \[[PEM|
    [<a href="https://www.incommon.org/cert/repository/COMODOAddTrustServerCA.pem
    ]\] Wiki Markup[COMODO Extended Validation Secure Server CA|
    ">PEM</a>]</span>

<br><span style="margin-left: 7em; line-height: 150%"><a href="https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=103&nav=0,1,22
    ] \[[Text|
    ">COMODO Extended Validation Secure Server CA</a> [<a href="https://www.incommon.org/cert/repository/COMODOExtendedValidationSecureServerCA.txt
    ]\
    ">Text</a>]
    \[[PEM|
    [<a href="https://www.incommon.org/cert/repository/COMODOExtendedValidationSecureServerCA.pem
    ]\]End-Entity Certificate
    ">PEM</a>]</span>

<br><span style="margin-left: 9em; line-height: 150%">End-Entity Certificate</span>
  • Intermediate CA Apache Bundle for EV SSL/TLS Certificates
  • Certification Practices Statement for EV SSL/TLS Certificates
  • Certificate Profile for EV SSL/TLS Certificates

  • Certificate Revocation List:

    HTML
    http://crl.comodoca.com

    /COMODOExtendedValidationSecureServerCA.crl

  • Online Certificate Status Protocol:

    HTML
    http://ocsp.comodoca.com

IGTF Server Certificates

The intermediate CA known as the InCommon IGTF Server CA was deployed on July 7, 2014.

Anchor
client-certs
client-certs

Client Certificates

SHA-2 Standard Assurance

...

Client Certificates

The intermediate CA known as the InCommon RSA Standard Assurance Client CA was deployed on September 18, 2014.

    • Certificate Chain:
    • Wiki Markup
HTML
<br><span style="margin-left: 3em; line-height: 150%">AddTrust External CA Root [<a href="https://www.incommon.org/cert/repository/AddTrustExternalCARoot.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/AddTrustExternalCARoot.pem">PEM</a>]</span>

<br><span style="margin-left: 5em; line-height: 150%">USERTrust RSA Certification Authority [<a href="https://www.incommon.org/cert/repository/USERTrustRSAClient_CA.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/USERTrustRSAClient_CA.pem">PEM</a>]</span>

<br><span style="margin-left: 7em; line-height: 150%">InCommon RSA Standard Assurance Client CA [<a href="https://www.incommon.org/cert/repository/InCommonRSAStandardAssuranceClientCA.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/InCommonRSAStandardAssuranceClientCA.pem">PEM</a>]</span>

<br><span style="margin-left: 9em; line-height: 150%">End-Entity Certificate</span>
    • Intermediate CA Bundle for Standard Client Certificates
    • Certification Practices Statement for Standard Client Certificates

    • Certificate Revocation List:

      HTML
      http://crl.incommon-rsa.org/InCommonRSAStandardAssuranceClientCA.crl

    • Online Certificate Status Protocol:

      HTML
      http://ocsp.incommon-rsa.org


SHA-1 Standard Assurance Client Certificates (deprecated)

The intermediate CA known as the InCommon Standard Assurance Client CA was deployed on March 10, 2011.

    • Certificate Chain:

      HTML
      <br><span style="margin-left: 3em; line-height: 150%"><a href="
    • [AddTrust External CA Root|
    • https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=10&nav=0,1
    • ] \[[Text|
    • ">AddTrust External CA Root</a> [<a href="https://www.incommon.org/cert/repository/AddTrustExternalCARoot.txt">Text</a>]
    • \]
    •
    • \[[PEM|
    • [<a href="https://www.incommon.org/cert/repository/AddTrustExternalCARoot.pem
    • ]\] Wiki MarkupUTN
    • ">PEM</a>]</span>

<br><span style="margin-left: 5em; line-height: 150%"><a href="https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=114&nav=0,1">UTN-USERFirst-Client Authentication and
    • Email
    • Email</a>
    • \[[Text|
    • [<a href="https://www.incommon.org/cert/repository/UTNAddTrustClient_CA.txt">Text</a>]
    • \]
    •
    • \[[PEM|
    • [<a href="https://www.incommon.org/cert/repository/UTNAddTrustClient_CA.pem
    • ]\] Wiki MarkupInCommon
    • ">PEM</a>]</span>

<br><span style="margin-left: 7em; line-height: 150%">InCommon Standard Assurance Client CA
    • \[[Text|
    • [<a href="https://www.incommon.org/cert/repository/InCommonStandardAssuranceClientCA.txt
    • ]\
    • ">Text</a>]
    • \[[PEM|
    • [<a href="https://www.incommon.org/cert/repository/InCommonStandardAssuranceClientCA.pem
    • ]\]End-Entity Certificate
    • ">PEM</a>]</span>

<br><span style="margin-left: 9em; line-height: 150%">End-Entity Certificate</span>

Bronze Assurance Personal Certificates

Not yet available

Silver Assurance Personal Certificates

Not yet available

Gold Assurance Personal Certificates

Not yet available

Code-signing Certificates

 Anchor
code-signing-certs
code-signing-certs
Code-signing Certificates
The intermediate CA known as the InCommon RSA Code Signing CA (SHA-2) was deployed on September 19, 2014.

The intermediate CA known as the InCommon Code Signing CA (SHA-1) was deployed on June 30, 2011.
    • Certificate Chain:
       HTML
      <br><span style="margin-left: 3em; line-height: 150%"><a href="https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=10&nav=0,1">AddTrust External CA Root</a> [<a href="https://www.incommon.org/cert/repository/AddTrustExternalCARoot.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/AddTrustExternalCARoot.pem">PEM</a>]</span>

<br><span style="margin-left: 5em; line-height: 150%"><a href="https://support.comodo.com/index.php?_m=downloads&_a=view&parentcategoryid=24&pcid=1&nav=0,1">UTN-USERFirst-Object</a> [<a href="https://www.incommon.org/cert/repository/UTN-USERFirst-Object.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/UTN-USERFirst-Object.pem">PEM</a>]</span>

<br><span style="margin-left: 7em; line-height: 150%">InCommon Code Signing CA [<a href="https://www.incommon.org/cert/repository/InCommonCodeSigningCA.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/InCommonCodeSigningCA.pem">PEM</a>]</span>

<br><span style="margin-left: 9em; line-height: 150%">End-Entity Certificate</span>

The following information is common to both the SHA-1 and SHA-2 InCommon intermediate CAs:
    • Certification Practices Statement for Code-Signing Certificates
    • Certificate Revocation List:
       HTML
      http://crl.incommon.org/InCommonCodeSigningCA.crl
    • Online Certificate Status Protocol:
       HTML
      http://ocsp.incommon.org
...