Digital certificates
Certificate protection
- Private keys must be properly protected (chmod 400 for Linux systems)
- Private keys must not be stored on media accessible via network (for example via AFS or NFS)
- The personal certificate must be protected by a password of appropriate length (minimum 12 characters).
Certificate issuance
The contract currently in place was signed with Sectigo (formerly Comodo), starting on May 1, 2020.
All certificates issued by Terena-Digicert under the previous contract will remain valid until their expiry.
Server certificates
Send a request email with the following characteristics:
- To: ra <AT> bo.infn.it (local RA – DRAO)
- Subject: Server certificate request for xxxx.bo.infn.it
- Attachment: the server.csr file (the procedure to generate it is given below)
- Body: Specify the server name and any aliases
- The email must be digitally signed
After the local RA has submitted the request, you will receive an email with instructions to download the certificate.
Procedure for generating server certificate request
To generate the certificate request and the private key, you can follow the instructions published on the national wiki:
How to request a Server certificate (Italian only)
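
As an added illustration (not the procedure from the national wiki, and not INFN or Sectigo code), the sketch below generates a key and server.csr with the server name and aliases as subjectAltName entries, then checks the key against the protection rules above. The function names, the KEY_BITS variable, the RSA key size and the example hostnames are assumptions; it expects Linux with GNU coreutils and OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Constructed example: helper names, key size and hostnames are assumptions,
# not values taken from the INFN wiki. Requires GNU stat and OpenSSL 1.1.1+.

# check_key FILE: succeed only if FILE is mode 400 and not on a network filesystem.
check_key() {
    key=$1
    [ -f "$key" ] || { echo "missing: $key" >&2; return 1; }
    mode=$(stat -c %a "$key")
    if [ "$mode" != "400" ]; then
        echo "$key: mode $mode, expected 400" >&2
        return 1
    fi
    fstype=$(stat -f -c %T "$key")   # filesystem type holding the key
    case "$fstype" in
        nfs*|afs*|cifs*|smb*)
            echo "$key: stored on network filesystem ($fstype)" >&2
            return 1 ;;
    esac
    return 0
}

# make_csr DIR FQDN [ALIAS...]: write DIR/server.key (mode 400) and DIR/server.csr.
make_csr() {
    dir=$1; fqdn=$2; shift 2
    san="DNS:$fqdn"
    for name in "$@"; do san="$san,DNS:$name"; done
    (
        umask 077   # the key is never group- or world-readable, even briefly
        openssl req -new -newkey "rsa:${KEY_BITS:-4096}" -nodes \
            -keyout "$dir/server.key" -out "$dir/server.csr" \
            -subj "/CN=$fqdn" -addext "subjectAltName=$san" 2>/dev/null
    ) || return 1
    chmod 400 "$dir/server.key"
    check_key "$dir/server.key"
}

# csr_sans CSR: print the DNS names in the request, to compare with the email body.
csr_sans() { openssl req -in "$1" -noout -text | grep 'DNS:'; }

# Usage (placeholder names): make_csr /root/certs www.example.org alias.example.org
```

Only server.csr is attached to the request email; server.key stays on the server.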