SURFconext replaces security certificates for service providers

06 FEB 2019

SURFconext enables students, instructors, and researchers to log in to cloud services from various providers. SURFconext has started changing the security certificates to ensure that this login remains secure in the future. Service providers must make the changes before 1 May. Users will not notice anything about this.

Certificates contribute to the basis of SURFconext: trust

Trust is essential for working well and safely with SURFconext. One of the ways in which SURF does this is by using certificates (keys) for signing our messages. The current security certificates are almost five years old and therefore need to be replaced. We will also use the migration, or key rollover, to significantly increase the security of new certificates. We do this by using offline signing by means of a Hardware Security Module (HSM). An HSM is special hardware in which data, such as certificates, is stored safely.

Service providers receive a message

All service providers will soon receive an email message explaining how to implement the changes. To help them further, SURFconext has created a special wiki for this purpose. The changes must be completed before May first.

No impact for end users

Users will not notice the changes that services providers have to make. If you are unable to connect to a service via SURFconext after May first, please contact the service concerned.

More information

Latest modifications 07 Feb 2019