terena logo
25 January 2006
Low-cost Server Certificates Available via TERENA

Universities and institutions in the research and education sector in eight European countries can obtain server certificates at very low cost through their National Research and Education Networking organisations (NRENs). This arrangement has been made possible through an agreement between TERENA and GlobalSign, a Cybertrust subsidiary.

National Research and Education Networking organisations (NRENs) are witnessing an increasing demand for SSL server certificates due to a growing need for encrypted channels and the rollout of new authentication and authorisation middleware. When a user connects to a server (mail server, web server etc) to download, access and/or store critical data, it is important to guarantee that the user is indeed connected to the right server and that his communication with the server is secure (nobody can intercept or change it), and is thus encrypted. SSL technology makes the communication between client and server secure, but requires server certificates to work.

Some NRENs have set up a Certification Authority (CA) issuing certificates to the NREN's user community. However, when accessing a server, a pop-up message appears saying "the issuer of this certificate is not trusted". This occurs when the server certificates are issued by a CA whose root is not listed among those recognised as a trusted one by popular web browsers such as Internet Explorer or Mozilla Firefox. Other NRENs have circumvented this problem by obtaining certificates from a commercial CA provider whose root is recognised, but that solution tends to be expensive because tariffs are on a per-certificate basis.

In order to solve these problems, a number of NRENs have joined together and asked TERENA to contract GlobalSign to run a dedicated Certificate Authority service to issue server certificates to these NRENs and their user communities. This joint solution makes the cost per certificate very low when large numbers of certificates are issued. This takes away the barriers for large-scale use of SSL server certificates in the research and education communities: the CA service from GlobalSign allows the NRENs involved to act as service providers for their constituency and issue a practically unlimited number of SSL certificates per year.

The NRENs currently participating in the service are the national organisations from Austria (ACOnet), Croatia (CARNet), Czech Republic (CESNET), Denmark (UNI•C), France (RENATER/CRU), Netherlands (SURFnet), Spain (RedIRIS) and Switzerland (SWITCH). The service may be extended to other countries at a later stage.

A TERENA feature giving more background information about the agreement with GlobalSign can be found at http://www.terena.nl/news/fullstory.php?news_id=1510 .

GlobalSign's press release can be found at http://www.globalsign.net/company/press/terena.cfm or http://www.cybertrust.com/pr_events/press_releases/2006/01/25/ .

More information about GlobalSign is available from http://www.globalsign.net