How to obtain a trusted certificate

The method to obtain a certificate in order to configure your RadSec server is described here.

However, not everyone can setup a RadSec server. Below are the requirements to be met and actions to be undertaken.

 

Requirements:

  • You need to be member of the Belnet R&E Federation. To become a member click here.
  • You need subscribe to the Belnet Personal certificate service. To subscribe click here.                                                                                                                                      

     

If your organisation fulfills the requirements then you can obtain the trusted certificates in 10 steps:

1. Download the java application ‘Certificate request generator’ from the eduPKI website. click here.

The following interface is displayed.

EduPIK.jpg

 

2. The Server name :

Needs to contain a fully qualified domain name server name. Only one name per line is allowed. The first one will be used as CN (common name) and the others will be set as subject alternative name.

 

3. Email address in certificate :

The address that will be used when you will sign the request form using DCS personal certificates.

 

4. Organisation :

This needs to be the official name of your organisation. The same name you use when you request sever certificates through DCS certificates service.

 

5. Certificate profile : 

There are 3 possible profiles, but the only one you need to select is « eduroam IdP and SP » profile. You can select « eduroam SP » if you will only become an eduroam Service Provider.

 

6. Requester's name :

This is the first name and last name of a Belnet eduroam contact person.

 

7. Requester contact email address :

This is the email address of the Belnet eduroam contact person.

 

8. Generate key pair and certificate request:

Click on this on item and then the process of generating the certificate request will begin. This can take some time depending on your computer’s CPU.

 

9. Save your certificate private key:

When this process is done a pop-up window will appear and ask you to save the certificate private key and the request form in PDF format. Select the directory where you want to save it. You might need this information later on, so please do remember where you have saved it.

 

Folder name.png

 

10. Send your signed email:

Please mail the PDF form via a signed email using your DCS personal certificate.

Please do mind that the email signature needs to be for the email address that can be found in the certificate request. The eduPKI eduroam RA staff will verify that the request is valid, and then they will issue your certificate as quickly as possible. The verification procedure includes human processing and is not immediate, so please foresee a delivery time of a few business days.