To access certain Técnico’s IT services, such as the eduroam network, Técnico’s root digital certificate is required.
Digital certificates exist to guarantee the confidentiality of the information exchanged between the user’s computer and the server. In particular when accessing a website through a secure connection, it provides us with a digital certificate signed by a certifying entity (for example: GEANT Trusted Certificate Service). When the signature on this certificate is verified to be correct, the browser takes care of accepting it and, consequently, establishing the SSL/TLS connection. If the signature is not accepted, the connection is not established immediately by the browser, since it will mean that the key that is explicitly declared in the certificate is invalid. It will then be up to the user to trust or mistrust the received document.
Técnico and FCCN are two entities responsible for issuing and revoking digital certificates (X.509).
Certificates for a server
For issuing certificates to a user’s server, such as a domain or IP, users can request:
- the digital certificate of the Técnico´s Root Certification Authority. For this certificate to be valid, you must also install Técnico’s root digital certificate.
- the GEANT´s Trusted Certificate Service, available free of charge and recognized by browsers. Users can trust this certification authority, with the only disadvantage being that they have to import the certificate themselves into their browsers.
Certificates for personal use
For the issuance of certificates for personal use, such as for use in e-mail, users may request a personal certificate issued by the third-party issuer HARICA, contracted by GEANT Trusted Certificate Service.
We recommend the second option as it avoids the need for all parties in the exchange to install the Técnico root certificate where the personal certificate is to be used, which might not be practical or even not possible if the service provider is external to IST. To ask for a personal certificate you must go to HARICA Certificate Managerwebsite, click button “Academic Login” and then choose “ULisboa – Instituto Superior Técnico” as your institution to be able to login using your Técnico credentials. After authentication you will have to consent to transmitting some personal information. Upon entry on the portal there will be several options to choose from in “Certificate Requests” section. You will choose “E-mail” option to request a personal certificate for sMIME e-mail signing.