The eduPKI CA issues certificates according to specific Trust Profiles defined by the eduPKI PMA. Currently there are three Trust Profiles supported by the eduPKI CA:
- eduPKI Trust Profile for eduroam Certificates v1.3
- eduPKI Trust Profile for Certificates for GÉANT's Multi-Domain Network Services v1.2
- eudPKI Trust Profile for Generic Server- and Client-Machine-Certificates v1.1
See below how to obtain a certificate
... for eduroam
The eduPKI CA provides server certificates for RADIUS infrastructure servers. eduroam server administrators may apply for a server certificate via this web form uploading a matching PKCS#10 CSR. To build a CSR with a DomainComponent-style (DC-style) SubjectDN with the openssl commandline tool, use this example openssl config file and customize it to your needs.
It is recommended to use a rolebased email address (e.g. firstname.lastname@example.org) of the server administrators as the contact address in server certificate applications and not a personal work email address. This way certificate related emails (i.e. certificate delivery mails and expiration warnings) will more likely be read even if the person who originally requested the certificate is unable to read or receive emails later on.
You have to send the generated PDF certificate application form to eduroam's eduPKI RA in a way that they can check its authenticity and integrity (e.g. via S/MIME or PGP signed email).
You will receive your eduroam certificate by email as soon as the eduroam RA has approved your certificate application.
Information about eduroam certificates and the approval of certificate requests by the eduroam RA see:
eduPKI eduroam RA (eduroam website)