SA NREN Certificate Service


The SA NREN Certificate Service allows beneficiary institutions access to certificates backed by commercial CAs
SA NREN Certificate Service

The SA NREN Certificate Service allows beneficiary institutions access to organisationally validated SSL, wildcard, unified communications, personal (S/MIME), and code-signing certificates backed by a commercial CA (currently Sectigo, which was formerly known as Comodo CA).

The certificate service, which is limited to ac.za domains, makes use of Sectigo's enterprise SCM platform. Authorised users, known as Registration Authority Officers (RAO), make use of SCM's web platform to apply for, and approve, certificates in a mostly automated process. SCM also allows the RAO to manage departments and other users within the organisation.

How to apply for the SA NREN Certificate Service at your institution

The SA NREN Certificate Service is currently available to TENET beneficiary institutions as part of our bundle of NREN services at no additional cost, which means there's a potential for savings on your existing SSL certificate bill.

To take advantage of this offering, you need to get the person normally authorised to place orders on TENET to request the service. That person needs to nominate and provide contact details for an initial Registration Authority Officer (RAO), and to indicate which ac.za domain(s) they would like included. The RAO will be responsible for approving certificates within the organisation and needs to have both a technical understanding of certificates and a sufficient understanding of your institutional processes to be able to make informed decisions. The initial RAO can, in turn, delegate responsibility to other RAOs or departmental RAOs (for sub-domains) within your organisation.

Once provisioned, we will need to complete organisational validation before you're able to issue any certificates. This may require additional documentation.

Scope of the service

The SA NREN certificate service is specifically scoped to AC.ZA domains and is only available to institutions that have signed our REN Services Agreement. This allows us to keep the costs of the service down, and make it available to institutions that consume a bundle of NREN services at no additional cost.

The service does make provision for each eligible organisation to issue ONE certificate that contains non-AC.ZA domains as SubjectAlternativeNames, provided the primary subject of that certificate is an AC.ZA domain. A typical use-case for this would be a public-facing web server that hosts both the institutional website (on an AC.ZA domain) as well as a number of conference or project sites that aren't within AC.ZA (as SubjectAlternativeNames). Institutions that wish to utilise this benefit need to get their RAO to contact us.

Sectigo Certificate Manager

Access the TENET instance of the Sectigo Certificate Manager at https://hard.cert-manager.com/customer/TENET. Sectigo has comprehensive manuals available for SCM.