spaces.internet2.edu has been upgraded to Confluence 6.5.0. If you have any questions and/or concerns, please contact us at websupport@internet2.edu
Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

InCommon Certificate Types

This page includes links to technical documents and service endpoints for each of the certificate types issued by the InCommon Certificate Service.

...

  • Certificate Chain:
    • AddTrust External CA Root
    • USERTrust RSA Certification Authority [DER]
    • InCommon RSA Server CA [DER]
    • End-Entity Certificate
  • {html}

    Certificate Revocation List:

    Wiki Markup
    HTML
    http://crl.incommon-rsa.org/InCommonRSAServerCA.crl

    {html}

  • {html}

    Online Certificate Status Protocol:

    Wiki Markup
    HTML
    http://ocsp.incommon.org

    {html}

Anchor
ov-certs
ov-certs

Organizational Validation SSL/TLS Certificates

The intermediate CA known as the InCommon Server CA was deployed on February 1, 2011. Prior to that date, Organizational Validation (OV) SSL/TLS end-entity certificates were signed by the COMODO High Assurance Secure Server CA.

  • {html}

    Certificate Chain:

    Wiki Markup
    HTML
    <br><span style="margin-left: 3em; line-height: 150%"><a href="https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=10&nav=0,1">AddTrust External CA Root</a> [<a href="https://www.incommon.org/cert/repository/AddTrustExternalCARoot.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/AddTrustExternalCARoot.pem">PEM</a>]</span>
    
    <br><span style="margin-left: 5em; line-height: 150%">InCommon Server CA [<a href="https://www.incommon.org/cert/repository/InCommonServerCA.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/InCommonServerCA.pem">PEM</a>]</span>
    
    <br><span style="margin-left: 7em; line-height: 150%">End-Entity Certificate</span>
    

    {html}

  • Intermediate CA Bundle for OV SSL/TLS Certificates
  • Certification Practices Statement for OV SSL/TLS Certificates
  • Certificate Profile for OV SSL/TLS Certificates
  • {html}

    Certificate Revocation List:

    Wiki Markup
    HTML
    http://crl.incommon.org/InCommonServerCA.crl

    {html}

  • {html}

    Online Certificate Status Protocol:

    Wiki Markup
    HTML
    http://ocsp.incommon.org

    {html}

Tip

To test the freshness of the CRL, type the following command:

$ curl -s http://crl.incommon.org/InCommonServerCA.crl | openssl crl -inform DER -noout -lastupdate -nextupdate

...

Extended Validation (EV) SSL/TLS Certificates became available on March 10, 2011.

  • {html}

    Certificate Chain:

    Wiki Markup
    HTML
    <br><span style="margin-left: 3em; line-height: 150%"><a href="https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=10&nav=0,1">AddTrust External CA Root</a> [<a href="https://www.incommon.org/cert/repository/AddTrustExternalCARoot.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/AddTrustExternalCARoot.pem">PEM</a>]</span>
    
    <br><span style="margin-left: 5em; line-height: 150%"><a href="https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=104&nav=0,1,22">COMODO Certification Authority</a> [<a href="https://www.incommon.org/cert/repository/COMODOAddTrustServerCA.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/COMODOAddTrustServerCA.pem">PEM</a>]</span>
    
    <br><span style="margin-left: 7em; line-height: 150%"><a href="https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=103&nav=0,1,22">COMODO Extended Validation Secure Server CA</a> [<a href="https://www.incommon.org/cert/repository/COMODOExtendedValidationSecureServerCA.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/COMODOExtendedValidationSecureServerCA.pem">PEM</a>]</span>
    
    <br><span style="margin-left: 9em; line-height: 150%">End-Entity Certificate</span>
    

    {html}

  • Intermediate CA Bundle for EV SSL/TLS Certificates
  • Certification Practices Statement for EV SSL/TLS Certificates
  • Certificate Profile for EV SSL/TLS Certificates
  • {html}

    Certificate Revocation List:

    Wiki Markup
    HTML
    http://crl.comodoca.com

    {html}

    /COMODOExtendedValidationSecureServerCA.crl

  • {html}

    Online Certificate Status Protocol:

    Wiki Markup
    HTML
    http://ocsp.comodoca.com

    {html}

IGTF Server Certificates

The intermediate CA known as the InCommon IGTF Server CA was deployed on July 7, 2014.

...

The intermediate CA known as the InCommon RSA Standard Assurance Client CA was deployed on September 18, 2014.

    • Certificate Chain:
HTML
<br><span style="margin-left: 3em; line-height: 150%"><a href="https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=10&nav=0,1">AddTrust External CA Root</a>Root [<a href="https://www.incommon.org/cert/repository/AddTrustExternalCARoot.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/AddTrustExternalCARoot.pem">PEM</a>]</span>

<br><span style="margin-left: 5em; line-height: 150%"><a href="https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=114&nav=0,1">USERTrust RSA Certification Authority</a>Authority [<a href="https://www.incommon.org/cert/repository/USERTrustRSAClient_CA.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/USERTrustRSAClient_CA.pem">PEM</a>]</span>

<br><span style="margin-left: 7em; line-height: 150%">InCommon RSA Standard Assurance Client CA [<a href="https://www.incommon.org/cert/repository/InCommonRSAStandardAssuranceClientCA.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/InCommonRSAStandardAssuranceClientCA.pem">PEM</a>]</span>

<br><span style="margin-left: 9em; line-height: 150%">End-Entity Certificate</span>
    • Intermediate CA Bundle for Standard Client Certificates
    • Certification Practices Statement for Standard Client Certificates
    • Certificate Revocation List:

      HTML
      http://crl.incommon-rsa.org/InCommonRSAStandardAssuranceClientCA.crl
    • Online Certificate Status Protocol:

      HTML
      http://ocsp.incommon-rsa.org


SHA-1 Standard Assurance Client Certificates (deprecated)

The intermediate CA known as the InCommon Standard Assurance Client CA was deployed on March 10, 2011.

    {html}
    • Certificate Chain:

    • Wiki Markup
      HTML
      <br><span style="margin-left: 3em; line-height: 150%"><a href="https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=10&nav=0,1">AddTrust External CA Root</a> [<a href="https://www.incommon.org/cert/repository/AddTrustExternalCARoot.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/AddTrustExternalCARoot.pem">PEM</a>]</span>
      
      <br><span style="margin-left: 5em; line-height: 150%"><a href="https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=114&nav=0,1">UTN-USERFirst-Client Authentication and Email</a> [<a href="https://www.incommon.org/cert/repository/UTNAddTrustClient_CA.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/UTNAddTrustClient_CA.pem">PEM</a>]</span>
      
      <br><span style="margin-left: 7em; line-height: 150%">InCommon Standard Assurance Client CA [<a href="https://www.incommon.org/cert/repository/InCommonStandardAssuranceClientCA.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/InCommonStandardAssuranceClientCA.pem">PEM</a>]</span>
      
      <br><span style="margin-left: 9em; line-height: 150%">End-Entity Certificate</span>
      

  • {html}
    {html}
    • Intermediate CA Bundle for Standard Client Certificates
    • Certification Practices Statement for Standard Client Certificates
    • Certificate Profile for Standard Client Certificates
    • Certificate Revocation List:

    • Wiki Markup
      HTML
      http://crl.incommon.org/InCommonStandardAssuranceClientCA.crl

  • {html}
    • Online Certificate Status Protocol:

      {html}
    • Wiki Markup
      HTML
      http://ocsp.incommon.org

  • {html}

Anchor
code-signing-certs
code-signing-certs

Code-signing Certificates

The intermediate CA known as the InCommon RSA Code Signing CA (SHA-2) was deployed on September 19, 2014.

 

The intermediate CA known as the InCommon Code Signing CA (SHA-1) was deployed on June 30, 2011.

    {html}
    • Certificate Chain:

    • Wiki Markup
      HTML
      <br><span style="margin-left: 3em; line-height: 150%"><a href="https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=10&nav=0,1">AddTrust External CA Root</a> [<a href="https://www.incommon.org/cert/repository/AddTrustExternalCARoot.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/AddTrustExternalCARoot.pem">PEM</a>]</span>
      
      <br><span style="margin-left: 5em; line-height: 150%"><a href="https://support.comodo.com/index.php?_m=downloads&_a=view&parentcategoryid=24&pcid=1&nav=0,1">UTN-USERFirst-Object</a> [<a href="https://www.incommon.org/cert/repository/UTN-USERFirst-Object.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/UTN-USERFirst-Object.pem">PEM</a>]</span>
      
      <br><span style="margin-left: 7em; line-height: 150%">InCommon Code Signing CA [<a href="https://www.incommon.org/cert/repository/InCommonCodeSigningCA.txt">Text</a>] [<a href="https://www.incommon.org/cert/repository/InCommonCodeSigningCA.pem">PEM</a>]</span>
      
      <br><span style="margin-left: 9em; line-height: 150%">End-Entity Certificate</span>
      

  • {html}

The following information is common to both the SHA-1 and SHA-2 InCommon intermediate CAs:

    {html}
  • {html}
    • Online Certificate Status Protocol:

      {html}
    • Wiki Markup
      HTML
      http://ocsp.incommon.org

  • {html}