Certificates

TLS certificates

We have two options:

1. LetsEncrypt certificates

For services exposing the http port to the internet, certificates can be automated:

The kubernetes clusters uses automatic LetsEncrypt certificates.
VMs can receive certificates by utilizing the letsencrypt module in puppet.

2. Trusted Certificate Service by GÉANT

The Trusted Certificate Service (TCS) is delivered by the Hellenic Academic & Research Institutions Certification Authority (HARICA).
(For more information about the TCS, see the FAQ in the GÉANT wiki).

Order certificate manually:

To order a certificate, log in using Academic Login on the Certificate Manager.
Follow the instructions in the guide to submit your CSR and order a DV (Domain Validated) certificate.
After ordering a certificate, send an email about it to the approvers to receive the certificate.

Automated certificates (ACME)

TBA. As of March 2025, we are still waiting for an improved ACME service from HARICA. ETA: May 2025.

S/MIME certificate

The TCS also supports certificates for email purposes (S/MIME).
You can order one in the Certificate Manager.
Log in using Academic Login.
Follow the instructions in the guide.

TLS certificates​

1. LetsEncrypt certificates​

2. Trusted Certificate Service by GÉANT​

Order certificate manually:​

Automated certificates (ACME)​

S/MIME certificate​