To access certain Técnico’s IT services, such as the eduroam network, Técnico’s root digital certificate is required.
Digital certificates exist to guarantee the confidentiality of the information exchanged between the user’s computer and the server. In particular when accessing a website through a secure connection, it provides us with a digital certificate signed by a certifying entity (for example: TERENA). When the signature on this certificate is verified to be correct, the browser takes care of accepting it and, consequently, establishing the SSL/TLS connection. If the signature is not accepted, the connection is not established immediately by the browser, since it will mean that the key that is explicitly declared in the certificate is invalid. It will then be up to the user to trust or mistrust the received document.
Técnico and FCCN are two entities responsible for issuing and revoking digital certificates (X.509).
Certificates for a server
For issuing certificates to a user’s server, such as a domain or IP, users can request:
- the digital certificate of the Técnico´s Root Certification Authority. For this certificate to be valid, you must also install Técnico’s root digital certificate.
- the TERENA´s digital certificate, available free of charge and recognized by browsers. Users can trust this certification authority, with the only disadvantage being that they have to import the certificate themselves into their browsers.
Certificates for personal use
For the issuance of certificates for personal use, such as for use in e-mail, or access to computacional resources of EUGridPMA, users may request:
- a digital certificate from Técnico´s Root Certification Authority. For this certificate to be valid, you must also install the Técnico’s root digital certificate.
- a personal certificate issued by the third-party issuer Sectigo, contracted by GEANT.
We recommend the second option as it avoids the need for all parties in the exchange to install the Técnico root certificate where the personal certificate is to be used, which might not be practical or even not possible if the service provider is external to IST. To ask for a personal certificate you must go to this website choose “ULisboa – Instituto Superior Técnico” as your institution to be able to login using your Técnico credentials. After authentication you will have to consent to transmitting some personal information. Upon entry on the portal there will be 3 types of certificates available for request: the first may be used for login with certificate in web sites or with email clients. The other two are IGTF certificates. To execute the request you may upload your own Certificate Request file (CSR), or ask the platform to generate the public/private key pair and then produce the certificate.