​TCS - Trusted Certificate Service

Increasing online security by facilitating the deployment of digital certificates.

The newest iteration of GÉANT's Trusted Certificate Service (TCS – formerly known as the TERENA Certificate Service) launched on 1 July 2015. The new provider, DigiCert, is one of the largest worldwide Certification Authorities (CA).


TCS takes advantage of a bulk purchasing arrangement whereby participating national research and education networking organisations (NRENs) may issue close to unlimited numbers of certificates provided by a commercial CA at a significantly reduced price.

​The five main types of certificates available are:

  • ​SSL certificates – for authenticating servers and establishing secure sessions with end clients.

  • Grid certificates – for authenticating Grid hosts and services (IGTF compliant).

  • Client certificates – for identifying individual users and securing email communications.

  • Code signing certificates – for authenticating software distributed over the internet.

  • Document signing certificates – for authenticating d​ocuments from Adobe PDF, Microsoft Office, OpenOffice, and LibreOffice.

About the TCS portals

For the new TCS, two web portals are available:

  • The DigiCert CertCentral portal is used to issue server, code signing or document signing certificates.

  • The DigiCert SAML portal was developed by DigiCert for TCS with built-in SAML-based federated access, which is improving the user experience of ordering digital personal certificates. This portal allows for NREN branding and is available in different languages.

GÉANT and DigiCert have been offering portal training opportunities to current and new TCS participants in recent months.

The portal was extensively tested by technical experts from the GÉANT TCS community. It is up-to-date with changes to the Secure Hash Algorithm (SHA), which plays an important role in signing digital certificates used to support secure websites. The DigiCert TCS provides the more secure SHA-2-supported certificates that replace the original SHA-1 type.


Djang​​ora and Confusa are offlin​​​​e​​​

From 1 July 2015, the Djangora and Confusa software are no longer working or being maintained. Now the only way to issue certificates is through the DigiCert CertCentral portal or the DigiCert SAML portal. Djangora can still be used (solely for revocation of certificates issued with Comodo) but Confusa is no longer operable.​ 


More information​​​​​​​

​The TCS wiki with more detailed information is at wiki.geant.org/ display/TCSNT​​​


To find out more about TCS​, ​contact GÉANT.​​​

​​​​At a glance​​


TCS provides NRENs with cost-effective and easy to use management of digital certificates


Key ​​​Facts

​TCS is provided in partnership with DigiCert one of the leading Certification Authorities worldwide.​


​​Qu​ick Links ​

TCS Wiki​

TCS 'CertCentral' portal

TCS SAML portal