Certificates
TLS certificates
We have two options:
1. LetsEncrypt certificates
For services exposing the http port to the internet, certificates can be automated:
- The kubernetes clusters uses automatic LetsEncrypt certificates.
- VMs can receive certificates by utilizing the letsencrypt module in puppet.
2. Trusted Certificate Service by GÉANT
The Trusted Certificate Service (TCS) is delivered by the Hellenic Academic & Research Institutions Certification Authority (HARICA).
(For more information about the TCS, see the FAQ in the GÉANT wiki).
Order certificate manually:
To order a certificate, log in using Academic Login on the Certificate Manager.
Follow the instructions in the guide to submit your CSR and order a DV (Domain Validated) certificate.
After ordering a certificate, send an email about it to the approvers to receive the certificate.
Automated certificates (ACME)
TBA. As of March 2025, we are still waiting for an improved ACME service from HARICA. ETA: May 2025.
S/MIME certificate
The TCS also supports certificates for email purposes (S/MIME).
You can order one in the Certificate Manager.
Log in using Academic Login.
Follow the instructions in the guide.