Published on: 2024-11-26 (updated on: 2024-11-29).

What is mTLS (Mutual TLS)?

The instance of Ontoserver that is hosted through the SU-TermServ is protected using Mutual TLS. This means that a mutual certificate exchange takes place on every access to the endpoint, so you need to set up a corresponding certificate on your side and present it each time a connection is established.

The process of requesting a certificate is described here. Instructions on how to set up the certificate in browsers can be found here.

The SU-TermServ uses mTLS to enforce the contractual condition that access to the Ontoserver instances may only be made from Germany.

Current situation with GÉANT and Sectigo

In the last few days, it became known that Sectigo has terminated its contractual relationship with the GÉANT consortium due to disagreements. For several years, the previous PKI of the German Research Network (DFN) has been replaced by that of GÉANT, which in turn commissioned Sectigo to issue certificates. According to the information available as of November 14, 2024, it will likely no longer be possible to apply for certificates through Sectigo from January 10, 2025 at the latest. It is not yet known to what extent GÉANT will enter into a new contractual relationship with a subcontractor or whether DFN is seeking another partner.

It is certain that all server certificates will expire next year (these are only issued for one year), and possibly personal certificates as well (which are usually valid for three years), so there will be a need for action at all locations using GÉANT’s certification services. DFN therefore recommends extending all certificates ahead of their expiry date in the coming weeks, before the turn of the year, so that the necessary work is postponed into the future.

SU-TermServ will monitor the situation, and new certification chains will of course be added to the list of approved issuers. At no time does this transition jeopardize the security of access to our services. We will provide information about further steps through the channels of the coordination office and on this website.
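To see which client certificates are due for extension, the following added example (not part of the original page and not SU-TermServ tooling) uses the `openssl` command line to report the status, expiry date and issuer of a PEM certificate. The function name `cert_status`, the 60-day default warning window and the status words are assumptions chosen for illustration.

```bash
#!/usr/bin/env bash
# Added example: check how long a PEM-encoded client certificate is still valid
# and who issued it, so renewals can be planned ahead of the expiry date.
# Usage: cert_status <cert.pem> [warn_days]   (warn_days defaults to 60, an assumption)
# Prints one line: "<STATUS> notAfter=<date> <issuer>"
# Returns 0 for OK, 1 for RENEW or EXPIRED, 2 if the file is not a certificate.

cert_status() {
    local cert="$1" warn_days="${2:-60}"
    local issuer end

    # Refuse anything that does not parse as an X.509 certificate.
    issuer=$(openssl x509 -in "$cert" -noout -issuer 2>/dev/null) || {
        echo "UNREADABLE $cert"
        return 2
    }
    end=$(openssl x509 -in "$cert" -noout -enddate)
    issuer=${issuer#issuer=}

    # "-checkend N" exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        echo "EXPIRED $end $issuer"
        return 1
    fi
    if ! openssl x509 -in "$cert" -noout \
            -checkend "$((warn_days * 86400))" >/dev/null; then
        echo "RENEW $end $issuer"
        return 1
    fi
    echo "OK $end $issuer"
}

# When the script is called with arguments, check that certificate directly.
[ "$#" -eq 0 ] || cert_status "$@"
```

The issuer printed at the end of the line shows which certification chain the certificate belongs to, which is the part affected by the change described above.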