Instituto Superior Técnico

Serviços de Informática

Digital Certificates

To access certain Técnico’s IT services, such as the eduroam network, Técnico’s root digital certificate is required.

Digital certificates exist to guarantee the confidentiality of the information exchanged between the user’s computer and the server. In particular when accessing a website through a secure connection, it provides us with a digital certificate signed by a certifying entity (for example: GEANT Trusted Certificate Service). When the signature on this certificate is verified to be correct, the browser takes care of accepting it and, consequently, establishing the SSL/TLS connection. If the signature is not accepted, the connection is not established immediately by the browser, since it will mean that the key that is explicitly declared in the certificate is invalid. It will then be up to the user to trust or mistrust the received document.

Técnico and FCCN are two entities responsible for issuing and revoking digital certificates (X.509).

Certificates for a server

For issuing certificates to a user’s server, such as a domain or IP, users can request:

Certificates for personal use

For the issuance of certificates for personal use, such as for use in e-mail, users may request a personal certificate issued by the third-party issuer HARICA, contracted by GEANT Trusted Certificate Service.

We recommend the second option as it avoids the need for all parties in the exchange to install the Técnico root certificate where the personal certificate is to be used, which might not be practical or even not possible if the service provider is external to IST. To ask for a personal certificate you must go to HARICA Certificate Managerwebsite, click button “Academic Login” and then choose “ULisboa – Instituto Superior Técnico” as your institution to be able to login using your Técnico credentials. After authentication you will have to consent to transmitting some personal information. Upon entry on the portal there will be several options to choose from in “Certificate Requests” section. You will choose “E-mail” option to request a personal certificate for sMIME e-mail signing.

Frequently asked questions (FAQs):