The SA NREN Certificate Service allows beneficiary institutions access to organisationally validated SSL, wildcard, unified communications, personal (S/MIME), and code-signing certificates backed by a commercial CA (currently Sectigo, which was formerly known as Comodo CA).
The certificate service, which is limited to ac.za domains, makes use of Sectigo's enterprise SCM platform. Authorised users, known as Registration Authority Officers (RAO), make use of SCM's web platform to apply for, and approve, certificates in a mostly automated process. SCM also allows the RAO to manage departments and other users within the organisation.
How to apply for the SA NREN Certificate Service at your institution
The SA NREN Certificate Service is currently available to TENET beneficiary institutions as part of our bundle of NREN services at no additional cost, which means there's a potential for savings on your existing SSL certificate bill.
To take advantage of this offering, you need to get the person normally authorised to place orders on TENET to request the service. That person needs to nominate and provide contact details for an initial Registration Authority Officer (RAO), and to indicate which ac.za domain(s) they would like included. The RAO will be responsible for approving certificates within the organisation and needs to have both a technical understanding of certificates and a sufficient understanding of your institutional processes to be able to make informed decisions. The initial RAO can, in turn, delegate responsibility to other RAOs or departmental RAOs (for sub-domains) within your organisation.
Once provisioned, we will need to complete organisational validation before you're able to issue any certificates. This may require additional documentation.
Scope of the service
The SA NREN certificate service is specifically scoped to AC.ZA domain holders and is only available to institutions that have signed our REN Services Agreement. This allows us to keep the costs of the service down, and make it available to institutions that consume a bundle of NREN services at no additional cost.
As of 2023, the service does make provision for eligible organisations to request certificates that contain non-AC.ZA domains. However, the RAO will need to provide an explanation/motivation for each additional domain.
TENET's support for the service
In line with the general principles of TENET's services, TENET expects that an institution's assigned RAOs will act as the point of contact within their institution. RAOs should have a general understanding of certificates and certification authorities as a concept.
TENET provides first-tier support for the SA NREN Certificate Service's SCM instance and will manage escalations to Sectigo where necessary. Institutional RAOs seeking support should first log a call with TENET's service desk.
Non-SCM related problems
Limited support may be provided for more general certificate-related problems (i.e. those unrelated to Sectigo SCM and this certificate service). This may include advice and assistance in understanding security certificates as a concept.
However, given the vast variety of possible software and configuration options, such support can only be provided on a best-effort basis with no service warranties. Requests not directly related to the certificate service itself will be attended to at a lower priority. Institutions are encouraged to use their software vendor's support channels wherever possible, as these are better equipped to provide product-specific advice.
Sectigo Certificate Manager
Access the TENET instance of the Sectigo Certificate Manager at https://hard.cert-manager.com/customer/TENET. Sectigo has comprehensive manuals available for SCM.
