Versions Compared

Old Version 17

changes.mady.by.user trscavo@internet2.edu

Saved on

compared with

New Version 55

changes.mady.by.user Dean Woodbeck (internet2.edu)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Tip
titleInCommon Certificate Service SSO and MFA Available

The use of single sign-on and multifactor authentication for accessing the Comodo Certificate Manager is available to any subscriber that also operates an Identity Provider in the InCommon Federation. See this wiki page for details.

InCommon Certificate Types

This page includes links to technical documents and service endpoints for each of the certificate types issued by the InCommon Certificate Service.

Contents:

Table of Contents

Anchor
serverssl-certsserver
ssl-certs

SSL/TLS Certificates

SHA-2 Server Certificates

The intermediate CA known as the InCommon RSA Server CA, which uses the SHA-2 hash algorithm, was deployed on September 22, 2014.

  • Certificate Chain (Comodo's version of the chain):

      ...

        • USERTrust Secure [DER]
        • InCommon RSA Server CA [DER]
        • End-Entity Certificate

      • Certificate Revocation List:

        HTML
        http://crl.incommon-rsa.org/InCommonRSAServerCA.crl

      • Online Certificate Status Protocol:

        HTML
        http://ocsp.incommon.org

      Anchor
      ov-certs
      ov-certs

      Organizational

      ...

      Validation SSL/TLS Certificates

      The intermediate CA known as the InCommon Server CA was deployed on February 1, 2011. Prior to that date, Organizational Validation (OV) SSL/TLS end-entity certificates were signed by the COMODO High Assurance Secure Server CA.

      • Certificate Chain:

        HTML
        
<br><span style="margin-left: 3em; line-height: 150%"><a href="https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=10&nav=0,1">AddTrust External CA Root</a> [<a href="https://www.incommon.org/cert/repository/AddTrustExternalCARoot.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/AddTrustExternalCARoot.pem">PEM</a>]</span>

<br><span style="margin-left: 5em; line-height: 150%">InCommon Server CA [<a href="https://www.incommon.org/cert/repository/InCommonServerCA.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/InCommonServerCA.pem">PEM</a>]</span>

<br><span style="margin-left: 7em; line-height: 150%">End-Entity Certificate</span>
      Tip

      To test the freshness of the CRL, type the following command:

      $ curl -s http://crl.incommon.org/InCommonServerCA.crl | openssl crl -inform DER -noout -lastupdate -nextupdate

      Anchor
      ev-certs
      ev-certs

      Extended Validation SSL/TLS Certificates

      Extended Validation (EV) SSL/TLS Certificates became available on March 10, 2011.

      • Certificate Chain:

        HTML
        
<br><span style="margin-left: 3em; line-height: 150%"><a href="https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=10&nav=0,1">AddTrust External CA Root</a> [<a href="https://www.incommon.org/cert/repository/AddTrustExternalCARoot.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/AddTrustExternalCARoot.pem">PEM</a>]</span>

<br><span style="margin-left: 5em; line-height: 150%"><a href="https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=104&nav=0,1,22">COMODO Certification Authority</a> [<a href="https://www.incommon.org/cert/repository/COMODOAddTrustServerCA.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/COMODOAddTrustServerCA.pem">PEM</a>]</span>

<br><span style="margin-left: 7em; line-height: 150%"><a href="https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=103&nav=0,1,22">COMODO Extended Validation Secure Server CA</a> [<a href="https://www.incommon.org/cert/repository/COMODOExtendedValidationSecureServerCA.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/COMODOExtendedValidationSecureServerCA.pem">PEM</a>]</span>

<br><span style="margin-left: 9em; line-height: 150%">End-Entity Certificate</span>
      • Intermediate CA Apache Bundle for EV SSL/TLS Certificates
      • Certification Practices Statement for EV SSL/TLS Certificates
      • Certificate Profile for EV SSL/TLS Certificates

      • Certificate Revocation List:

        HTML
        http://crl.comodoca.com

        /COMODOExtendedValidationSecureServerCA.crl

      • Online Certificate Status Protocol:

        HTML
        http://ocsp.comodoca.com

      IGTF Server Certificates

      The intermediate CA known as the InCommon IGTF Server CA was deployed on July 7, 2014.

      • Certificate Chain:
        • AddTrust External CA Root
        • COMODO RSA Certification Authority [DER]
        • InCommon IGTF Server CA [DER]
        • End-Entity Certificate

      Anchor
      client-certs
      client-certs

      Client Certificates

      SHA-2 Standard Assurance Client Certificates

      The intermediate CA known as the InCommon RSA Standard Assurance Client CA was deployed on September 18, 2014.

        • Certificate Chain:
      HTML
      <br><span style="margin-left: 3em; line-height: 150%">AddTrust External CA Root [<a href="https://www.incommon.org/cert/repository/AddTrustExternalCARoot.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/AddTrustExternalCARoot.pem">PEM</a>]</span>

<br><span style="margin-left: 5em; line-height: 150%">USERTrust RSA Certification Authority [<a href="https://www.incommon.org/cert/repository/USERTrustRSAClient_CA.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/USERTrustRSAClient_CA.pem">PEM</a>]</span>

<br><span style="margin-left: 7em; line-height: 150%">InCommon RSA Standard Assurance Client CA [<a href="https://www.incommon.org/cert/repository/InCommonRSAStandardAssuranceClientCA.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/InCommonRSAStandardAssuranceClientCA.pem">PEM</a>]</span>

<br><span style="margin-left: 9em; line-height: 150%">End-Entity Certificate</span>
        • Intermediate CA Bundle for Standard Client Certificates
        • Certification Practices Statement for Standard Client Certificates

        • Certificate Revocation List:

          HTML
          http://crl.incommon-rsa.org/InCommonRSAStandardAssuranceClientCA.crl

        • Online Certificate Status Protocol:

          HTML
          http://ocsp.incommon-rsa.org


      SHA-1 Standard Assurance Client Certificates (deprecated)

      The intermediate CA known as the InCommon Standard Assurance Client CA was deployed on March 10, 2011.

        • Certificate Chain:

          HTML
        • <br><span style="margin-left: 3em; line-height: 150%"><a href="https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=10&nav=0,1">AddTrust External CA Root</a> [<a href="https://www.incommon.org/cert/repository/AddTrustExternalCARoot.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/AddTrustExternalCARoot.pem">PEM</a>]</span>

<br><span style="margin-left: 5em; line-height: 150%"><a href="https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=114&nav=0,1">UTN-USERFirst-Client Authentication and Email</a> [<a href="https://www.incommon.org/cert/repository/UTNAddTrustClient_CA.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/UTNAddTrustClient_CA.pem">PEM</a>]</span>

<br><span style="margin-left: 7em; line-height: 150%">InCommon Standard Assurance Client CA [<a href="https://www.incommon.org/cert/repository/InCommonStandardAssuranceClientCA.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/InCommonStandardAssuranceClientCA.pem">PEM</a>]</span>

<br><span style="margin-left: 9em; line-height: 150%">End-Entity Certificate</span>
        • Apache
        • Bundle for Standard Client Certificates
        • Certification Practices Statement for Standard Client Certificates
        • Certificate Profile for Standard Client Certificates

        • Certificate Revocation List:

          HTML
          http://crl.incommon.org/InCommonStandardAssuranceClientCA.crl

        • Online Certificate Status Protocol:

          HTML
          http://ocsp.incommon.org

      Anchor
      code-signing-certs
      code-signing-certs

      Code-signing Certificates

      ...

      The intermediate CA known as the InCommon RSA Code Signing CA (SHA-2) was deployed on September 19, 2014.


      The intermediate CA known as the InCommon Code Signing CA (SHA-1) was deployed on June 30, 2011.

        • Certificate Chain:

          HTML
          <br><span style="margin-left: 3em; line-height: 150%"><a href="https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=10&nav=0,1">AddTrust External CA Root</a> [<a href="https://www.incommon.org/cert/repository/AddTrustExternalCARoot.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/AddTrustExternalCARoot.pem">PEM</a>]</span>

<br><span style="margin-left: 5em; line-height: 150%"><a href="https://support.comodo.com/index.php?_m=downloads&_a=view&parentcategoryid=24&pcid=1&nav=0,1">UTN-USERFirst-Object</a> [<a href="https://www.incommon.org/cert/repository/UTN-USERFirst-Object.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/UTN-USERFirst-Object.pem">PEM</a>]</span>

<br><span style="margin-left: 7em; line-height: 150%">InCommon Code Signing CA [<a href="https://www.incommon.org/cert/repository/InCommonCodeSigningCA.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/InCommonCodeSigningCA.pem">PEM</a>]</span>

<br><span style="margin-left: 9em; line-height: 150%">End-Entity Certificate</span>

      The following information is common to both the SHA-1 and SHA-2 InCommon intermediate CAs:

        • Certification Practices Statement for Code-Signing Certificates

        • Certificate Revocation List:

          HTML
          http://crl.incommon.org/InCommonCodeSigningCA.crl

        • Online Certificate Status Protocol:

          HTML
          http://ocsp.incommon.org