
TCS Webinar on ACME: automating certificates


GÉANT announces that it will hold a webinar to discuss and promote the use of ACME within the Trusted Certificate Service (TCS) and showcase local implementations from the community. The event will take place on 13 April 2021 at 14:00 CET.

All NRENs that participate in TCS and their member organisations that are users of TCS are cordially invited to join us: registration is open. The webinar will include a walk-through of the ACME workflow in Sectigo’s cert-manager platform, an overview of certbot, and presentations from R&E organisations that have already implemented ACME locally.

What is ACME?

The Automated Certificate Management Environment protocol (ACME) aims to automate certificate lifecycle management communications between Certificate Authorities (CAs) and an organisation’s web servers, email systems, user devices, and any other place Public Key Infrastructure (PKI) certificates are used. This means that certificates can be renewed without the need for human interaction.

The certificate environment is changing rapidly, and with decreasing validity periods for commonly used certificates, the need for more efficient processes for certificate management is growing. The majority of service-impacting issues with certificates can be attributed to a lack of automation and the need for human intervention – for example certificate renewal notices being sent to staff members who are no longer with the organisation.

Using ACME can help minimise potential downtime for services and minimise the risks for your organisation.

What is TCS?

TCS is GÉANT’s Trusted Certificate Service. TCS takes advantage of a bulk purchasing arrangement whereby participating National Research and Education Networking organisations (NRENs) may issue unlimited numbers of certificates provided by a commercial CA at a significantly reduced price.

The five main types of certificates available are:

  • SSL certificates – for authenticating servers and establishing secure sessions with end clients.
  • Grid certificates – for authenticating Grid hosts and services (IGTF compliant).
  • Client certificates – for identifying individual users and securing email communications (including IGTF client certificates).
  • Code signing certificates – for authenticating software distributed over the internet.
  • Document signing certificates – for authenticating documents from Adobe PDF, Microsoft Office, OpenOffice, and LibreOffice.

For more information about TCS, ACME or this webinar please contact nicole.harris@geant.org.