TCS - Trusted Certificate Service
Increasing online security by facilitating the deployment of digital certificates.
The newest iteration of GÉANT's Trusted Certificate Service (TCS – formerly known as the TERENA Certificate Service) launched on 1 July 2015. The new provider, DigiCert, is one of the largest worldwide Certification Authorities (CA).
TCS takes advantage of a bulk purchasing arrangement whereby participating national research and education networking organisations (NRENs) may issue close to unlimited numbers of certificates provided by a commercial CA at a significantly reduced price.
The five main types of certificates available are:
SSL certificates – for authenticating servers and establishing secure sessions with end clients.
Grid certificates – for authenticating Grid hosts and services (IGTF compliant).
Client certificates – for identifying individual users and securing email communications.
Code signing certificates – for authenticating software distributed over the internet.
Document signing certificates – for authenticating documents from Adobe PDF, Microsoft Office, OpenOffice, and LibreOffice.
About the TCS portals
For the new TCS, two Web portals are available:
- the DigiCert CertCentral portal is used to issue server, code signing or document signing certificates;
- the DigiCert SAML portal was developed by DigiCert for TCS with built-in SAML-based federated access, which is improving the user experience of ordering digital personal certificates. This portal allows for NREN branding and is available in different languages.
GÉANT and DigiCert have been offering portal training opportunities to current and new TCS participants in recent months.
The portal was extensively tested by technical experts from the GÉANT
TCS community. It is up-to-date with changes to the Secure Hash
Algorithm (SHA), which plays an important role in signing digital
certificates used to support secure websites. The DigiCert TCS provides the more secure SHA-2-supported certificates that replace the
original SHA-1 type.
Djangora and Confusa are offline
From 1 July 2015, the Djangora and Confusa software are no longer working or being maintained. Now the only way to issue certificates is through the DigiCert CertCentral portal or the DigiCert SAML portal.
Djangora can still be used (solely for revocation of certificates issued with Comodo) but Confusa is no longer operable.
The TCS wiki with more detailed information is at
To find out more about TCS, contact GÉANT.