INTERNAL: GEANT: what to do when

May 7, 2020

Account Number: 12824313745

Freddie Lopez: April 29, 2020

Soon (in the next couple of days), I, the Lead On-boarding SE on this project, will be handing GEANT to Support, as On-boarding for this project is now complete. However, we are waiting for the “good to go” from GEANT before we release them into Production and hand them over to Support.

What has been completed and who is responsible for which actions:

  • GEANT and 33 NRENs have been fully on-boarded onto SCM
  • GEANT shares one account number, 12824313745, across all NREN accounts, and each account has its own Client Authentication Certificate
  • GEANT has all On-boarding Videos and Documentation, which they have shared with each of their NRENs
  • GEANT and its NRENs have been fully on-boarded onto Premier Support – Caleb Kennedy
  • NRENs are aware of how to add Organizations / Domains, how to validate OV Anchors / EV Anchors, and who to contact to begin the process of validating those Anchor Certs “most have already done this in SCM today for OV Anchors; Organization Anchors”
  • NRENs are responsible for training their RAO/DRAO admins on how to use SCM
  • NRENs are only allowed to contact Premier Support
  • RAO/DRAOs can contact Support should they need assistance with placing orders, troubleshooting installation, discovery scans, and API “Basic Troubleshooting”
  • RAO/DRAOs cannot use Premier Support and must call in to their NRENs for any issues pertaining to SAML/SSO, SCM Platform Issues “Major SCM Issues”, and ordering of EV CS and ADSC
  • NRENs can delegate an RAO admin to allow Domain approval “eliminating an MRAO having to approve”
  • Check the GEANT On-boarding JIRA Ticket below for key features built strictly for GEANT.

What is enabled via SCM:

  • SSL
  • Client S/MIME Certificates
  • Code Signing Certificates “5 Types, RSA & ECC”
  • Public Sub CA “GEANT has their own Sub CA created via Sectigo”

What features are enabled via SCM:

  • ACME
  • API
  • SCEP: enabled by default but not currently being used

What enrollment features will be used:

  • ACME
  • API
  • Self-enrollment
  • User Interface
  • SAML Self-enrollment for SSL and S/MIME “Client” Certificates

What products will be ordered outside of SCM:

  • EV Code Signing Certificates: !PlaceOrder?reseller=y&ap=GeantSCM&product=530

  • Adobe Code Signing Certificates

What is NOT enabled or included in SCM:

  • Intune
  • Bulk Enrollment
  • Private Key Store
  • MS AD Integration
  • Code Signing On Demand
  • Azure Key Vault
  • Key Vault
  • Device Certificates
  • Private PKI
  • EST

Docs Attached to this article:

  • NREN URL’s and Admin Information
  • SCM Support Handoff form
  • Sectigo Premier Support NREN contacts
  • GEANT ordering Adobe Doc signing certificates
  • GEANT OV Anchor and Order Process

Each NREN will have its own SAML Client enrollment URL based on the Development configuration “all have been configured per these instructions”. See Confluence Page:

Support will not need to enable any features or configure any accounts, as this has been done already. Should an issue arise pertaining to a feature that is missing or not enabled, Support can reach out to me to check “only after troubleshooting themselves”.

All NEW feature requests must go through the proper request process “PM process” to be considered. On-boarding/Pre-Sales are only monitors of the process, so please do not send requests to us to create. Should you need more information on the process, speak with [email protected]

Going forward, any new issues that arise via the platform are subject to normal SCM JIRA Dev Support, and any hotfixes or bug fixes are subject to regularly scheduled maintenance.