Application Process for the JANET Service Certificate Service

Organisations should check whether they are eligible for this service. Certificates issued through this service cannot be used for commercial transactions so cannot be used to secure credit card transactions or any other request that will result in the transfer of money between individuals or organisations.

A presentation given at Networkshop 35 provided an overview and walkthrough to the JANET Server Certificate Service.

1. Registration of Organisation:

  • Eligible organisations apply to join the JANET SCS by sending an email to the Registration Authority (RA) at service@ja.net;
  • Eligible organisations will be referred to the Proxy document which they must complete. A minimum of two contacts who are authorised to apply for certificates on behalf of the organisation must be given, listing their names, contact details and specimen signatures;
  • The proxy document must be signed, and initialled on the other pages (including Schedule 1), by someone entitled to sign legal documents on behalf of the organisation;
  • The proxy document must also be accompanied by documented evidence of the organisation’s legal existence which must originate from a trusted third party source. Example documentation includes Royal Charters, Instruments of Government or Companies House registrations;
  • The proxy document must be returned to JANET by post;
  • Once the proxy document has been received and acknowledged, JANET will check all the details and record it in an auditable manner, prior to confirming to the organisation that the request has been accepted and that they are now a member of the JANET SCS.

2. Details of the SCS request and the process:

  • One of the primary connected organisation's authorised contacts, as detailed within the proxy document, may complete the online certificate request form held at

https://www.globalsign.net/ra/terena/janet/edu.cfm;

 

  • The admin contact details for the request must reflect one of the organisation's authorised contacts, as detailed within schedule 1 of the Proxy document;
  • Once the form has been submitted, the admin contact, as detailed in the web form, receives an email challenge which asks for them to confirm the request on behalf of their organisation by replying to the email in one of the following ways:
    1. Print the e-mail message and sign by hand. This can then be returned by either:
      • Postal mail
      • Fax to 0870 850 2213
      • e-mail, where the signed email is attached as a scanned image in PDF document (or similar);
    2. Reply to the email challenge using a digitally signed email. The certificate used for signing must reflect an adequate assurance level. Such a certificate must be of an assurance level equal to or higher than the GlobalSign PersonalSign 2 Pro certificate type. Such certificates offer assurances to the identity of the individual and also the organisation within which they work.
  • Once the email has been returned, JANET checks:
    • that the requesting organisation is currently registered as a member of the SCS;
    • that the admin contact details included within the request match those of an authorised contact for the organisation, as detailed in schedule 1 of the Proxy document;
    • that the request is signed by the admin contact by comparing the signature to the specimen signature provided within schedule 1 of the Proxy document;
    • that the common name includes the main domain name and extension (e.g. server.ja.net);
    • that the domain name is registered to the full legal name of the applying organisation (as detailed in the Proxy document). The name of the domain owner must exactly match that of the applying organisation. Details of the domain registration can be found using the Check Domain query tool.
    • that the country name used within the subject of the CSR reads "GB";
    • that the request is technically valid;
  • Provided that the request passes the checks above it can be authorised by JANET. The GlobalSign system will then send an email to the technical contact, named within the certificate request. The email will contain a copy of the issued certificate, along with links to the corresponding intermediate certificate.
  • If JANET is unable to authorise the request, an email explaining the reasons for this will be sent to the admin contact, as detailed within the request. The request may then be denied in the GlobalSign system, depending upon the reasons behind JANET being unable to authorise the request.

 

 

 

 

Privacy Policy | Web Admin
© The JNT Association,
JANET(UK), Lumen House, Library Avenue
Harwell Science and Innovation Campus, Didcot, Oxfordshire
OX11 0SG

"));