Applying for the Certificate Service

The SA NREN Certificate Service allows beneficiary institutions access to organisationally-validated SSL, wildcard, unified communications, personal (S/MIME), and code-signing certificates backed by a commercial  CA (currently Sectigo, which was formerly known as Comodo CA). The service is currently available to TENET beneficiary institutions at no additional cost, which means there's a potential for savings on your existing SSL certificate bill.

 

To take advantage of this offering, you need to get the person normally authorised to place orders on TENET to contact Y2VydHNAdGVuZXQuYWMuemE=. That person needs to nominate and provide contact details for an initial Registration Authority Officer (RAO), and to indicate which ac.za domain(s) they'd like included. The RAO will be responsible for approving certificates within the organisation, and needs to have both a technical understanding of certificates and sufficient understanding of your institutional processes to be able to make informed decisions. The initial RAO can, in turn, delegate responsibility to other RAOs or departmental RAOs (for sub-domains) within your organisation.

 

The certificate service, which is limited to ac.za domains, currently makes use of Sectigo's enterprise SCM platform. RAOs make use of SCM's web platform to apply for, and approve, certificates in a mostly-automated process. SCM also allows the RAO to manage departments and other users for your organisation, and to request access for other ac.za domains (although the latter requires manual approval).

 

The certificate service is in an early-adopter phase which means that limited, best-effort support is available from TENET. However, Sectigo has comprehensive manuals available and a significant number of institutions are already making use of the service.