Description and Value Proposition
The Trusted Certificate Service (TCS) allows a variety of digital certificates to be offered to research and education institutions served by participating National Research and Education Networks (NRENs). TCS takes advantage of a bulk purchasing arrangement whereby NRENs may issue close to unlimited numbers of certificates for a flat fee.
Offering
The Trusted Certificate Service (TCS) provides a centralised mechanism to manage digital certificates issued by an internationally trusted Certificate Authority in a centralised, cost effective, resilient and simple way, enabling NRENs to provide secure services to their users.
Reason to Act
NRENs today are called to offer a range of services to their custumers/users that are increasingly relying on security and privacy: from ensuring secure communication, to trusted data delivery, to e-commerce. Digital Certificates signed by internally accredited, trusted and recognised Certification Autorities (CA) allow NRENs to provide the required level of security to their users, successfully implementing services for their final users. Finally NRENs could need to resell/offer digitally signed certificated to their users (campuses, research labs, …)
To satisfy the need of trusted certificates, NRENs were used to find their own arrangements either buying quite expensive certificates from individual CAs or buying cheaper unsigned certificates (that does not provide the required level of security). In addition NREN had to budget man power and expertise to manage the certificate provisioning.
Customer Experience
The newest iteration of GÉANT's TCS has developed a new Web portal, which is expected to improve the user experience of ordering digital certificates because SAML-based federated access has been built in. The portal was extensively tested by technical experts from the GÉANT TCS community. It is up-to-date with recent changes to the Secure Hash Algorithm (SHA), which plays an important role in signing digital certificates used to support secure websites. The DigiCert TCS will provide the more secure SHA-2 supported certificates that replace the original SHA-1 type.
Benefits
Cost reduction and more efficient Trust Certificate management, providing the centralised procurement and brokering function for secure digital certificates issued by an internationally trusted and recognised Certification Authority.
Costs
Specified in the TCS contract
Alternatives
Commercial certificates (costly, and do not always match NREN security needs).
NRENs to have their own arrangement with an internationally recognised Certification Authorities (CA) to supply certificates to their community.
Self-signed certificates (lower trust).