CESNET gained access to globally accepted server certificates

Universities and institutions in the research and education sector in eight European countries can obtain server certificates at very low cost through their National Research and Education Networking organisations (NRENs). This arrangement has been made possible through an agreement between TERENA and GlobalSign, a Cybertrust subsidiary. CESNET association, building and developing the CESNET2 national research and education network, joined the project on 10 April 2006 by signing a contract with the TERENA association.

National Research and Education Networking organisations (NRENs) are witnessing an increasing demand for SSL server certificates due to a growing need for encrypted channels and the rollout of new authentication and authorisation middleware. When a user connects to a server (mail server, web server etc) to download, access and/or store critical data, it is important to guarantee that the user is indeed connected to the right server and that his communication with the server is secure (nobody can intercept or change it), and is thus encrypted. SSL technology makes the communication between client and server secure, but requires server certificates to work.

Some NRENs have set up a Certification Authority (CA) issuing certificates to the NREN's user community. However, when accessing a server, a pop-up message appears saying "the issuer of this certificate is untrusted". This occurs when the server certificates are issued by a CA whose root is not listed among those recognised as a trusted ones by popular web browsers such as Internet Explorer or Mozilla Firefox. Other NRENs have circumvented this problem by obtaining certificates from a commercial CA provider whose root is recognised, but that solution tends to be expensive because tariffs are on a per-certificate basis.

In order to solve these problems, a number of NRENs have joined together and asked TERENA to contract GlobalSign to run a dedicated Certificate Authority service to issue server certificates to these NRENs and their user communities. This joint solution makes the cost per certificate very low when large numbers of certificates are issued. This takes away the barriers for large-scale use of SSL server certificates in the research and education communities: the CA service from GlobalSign allows the NRENs involved to act as service providers for their constituency and issue a practically unlimited number of SSL certificates per year.

The NRENs currently participating in the service are the national organisations from Austria (ACOnet), Croatia (CARNet), Czech Republic (CESNET), Denmark (UNI-C), France (RENATER/CRU), Netherlands (SURFnet), Spain (RedIRIS) and Switzerland (SWITCH). The service may be extended to other countries at a later stage.

The CESNET association was founded by universities and the Academy of Sciences of the Czech Republic. The association is currently financed mainly from the resources of the governmental Committee for Research and Education and the resources of the members of the association. The association performs research and development in the area of information and communication technologies, building and developing the national gigabit optical network, CESNET2, designed for research and educational purposes. Due to the research activities and results achieved, the CESNET association acts as a representative of the Czech Republic in the project within which a pan-European network called GEANT2 is constructed, actively taking part also in the implementation of this project.