Registration Process for the JANET Server Certificate Service

Any JANET connected organisation with a primary connection can apply to join this service. JANET has been authorised by the GlobalSign Registration Authority to issue Server Certificates to its JANET connected customers.

A presentation given at Networkshop 35 provided an overview and walkthrough to the JANET Server Certificate Service, a video of which can be found here.

1. Registration of Organisation:

• The JANET primary connected organisation applies to join the SCS by sending an email to the Registration Authority (RA) at service@ja.net;
• Eligible organisations will be referred to the Proxy document which they must complete. This document is a formal legal document which forms an addendum to the existing contract between JANET and the organisation. A minimum of two authorised contacts who are authorised to apply for certificates on behalf of the organisation must be given, listing their names, contact details and specimen signatures;
• The proxy document must be signed, and initialled on the other pages (including Schedule 1), by someone entitled to sign legal documents on behalf of the organisation, such as Registrar/Secretary level;
• The proxy document must also be accompanied by documented evidence of the organisation’s legal existence which must originate from a trusted third party source. Example documentation includes Royal Charters, Instruments of Government or Companies House registrations;
• The proxy document must be returned to JANET by regular mail;
• Once the proxy document has been received and acknowledged, JANET will check all the details and record it in an auditable manner, prior to confirming to the organisation that the request has been accepted and that they are now a member of the JANET SCS.

2. Details of the SCS request and the process:

• One of the primary connected organisation's authorised contacts, as detailed within the proxy document, may complete the online certificate request form held at

https://www.globalsign.net/ra/terena/janet/edu.cfm;

 

• The admin contact details for the request must reflect one of the organisation's authorised contacts, as detailed within schedule 1 of the Proxy document;
• Once the form has been submitted, the admin contact, as detailed in the web form, receives an email challenge which asks for them to confirm the request on behalf of their organisation by replying to the email in one of the following ways:
1. Print the e-mail message and sign by hand. This can then be returned by either:
   • Postal mail
   • Fax to 0870 850 2213
   • e-mail, where the signed email is attached as a scanned image in PDF document (or similar);
2. Reply to the email challenge using a digitally signed email. The certificate used for signing must reflect an adequate assurance level. Such a certificate must be of an assurance level equal to or higher than the GlobalSign PersonalSign 2 Pro certificate type. Such certificates offer assurances to the identity of the individual and also the organisation within which they work.
• Once the email has been returned, JANET checks:
  • that the requesting organisation is currently registered as a member of the SCS;
  • that the admin contact details included within the request match those of an authorised contact for the organisation, as detailed in schedule 1 of the Proxy document;
  • that the request is signed by the admin contact by comparing the signature to the specimen signature provided within schedule 1 of the Proxy document;
• that the common name includes the main domain name and extension (e.g. server.ja.net);
• that the domain name is registered to the full legal name of the applying organisation (as detailed in the Proxy document). The name of the domain owner must exactly match that of the applying organisation. Details of the domain registration can be found using the Check Domain query tool.
• that the country name used within the subject of the CSR reads "GB";
• that the request is technically valid;
• Provided that the request passes the checks above it can be authorised by JANET. The GlobalSign system will then send an email to the technical contact, named within the certificate request. The email will contain a copy of the issued certificate, along with links to the corresponding intermediate certificate.
• If JANET is unable to authorise the request, an email explaining the reasons for this will be sent to the admin contact, as detailed within the request. The request may then be denied in the GlobalSign system, depending upon the reasons behind JANET being unable to authorise the request.