en el

Implementation of Multi-Perspective Issuance Corroboration (MPIC) and Mandatory CAA Checks for Mailbox Addresses

2025-03-14 TLS Certificates S/MIME Certificates HARICA

Multi-Perspective Issuance Corroboration (MPIC)

Starting on March 15, 2025, HARICA will implement Multi-Perspective Issuance Corroboration (MPIC) for Domain Authorization, Control, and Certification Authority Authorization (CAA) Record checks before issuing any TLS Server Authentication Certificates, in accordance with CA/B Forum Baseline Requirements for TLS Server Certificates.

With MPIC, DNS queries for Domain Validation and CAA checks must be verified from multiple, randomly distributed and distant locations across the Internet. If the information corroboration fails (up to a certain level), the certificate issuance will be blocked. Domain Owners must ensure that their Authoritative DNS servers are accessible from the global Internet, allowing the corroboration to be completed without failures that would prevent certificate issuance.

We remind our Subscribers that Publicly-Trusted TLS Server Authentication Certificates are “intended to be used for authenticating servers accessible through the Internet”, as described in the CA/Browser Forum TLS Baseline Requirements.

Mandatory CAA Checks for Mailbox Addresses

Effective March 15, 2025, HARICA will also be required to perform CAA checks for Mailbox Addresses, as mandated by the CA/Browser Forum S/MIME Baseline Requirements.

What You Need to Know:

  • Before issuing an S/MIME certificate that includes a Mailbox Address, HARICA will retrieve and process CAA records, similar to the process used for TLS Certificates.
  • If your DNS CAA record contains the issuemail tag, it must explicitly include the value “harica.gr”, authorizing HARICA for S/MIME certificate issuance.
  • If no issuemail tag is present, no action is required.
TLS MPIC Domain Validation S/MIME CAA
el

HARICA achievements

2022-06-15 HARICA HARICA

Sky is the limit

All of us involved in HARICA’s activities as a “Qualified Trust Service Provider (QTSP)” share a common philosophy that can be summed up in the words of Henry Ford: “If everyone moves forward in sync, then success comes naturally”.

A few years ago, we decided to expand our activities beyond the Academic and Research boundaries. Since then, our projects have exceeded our initial expectations and we feel deeply honored to be trusted by high-profile leading organizations, institutions, public and private, in Greece, in Europe and in the rest of the world.

The e-platform gov.gr of the Ministry of Digital Governance issues millions of digital documents, including Covid Vaccination Certificates, e-declarations and authorizations with HARICA’s e-Seal as well as the Central Electronic Document Management System (mindigital-shde.gr) issuing Remote Qualified Electronic Signatures for Public Administration to civil servants for signing legally binding documents as defined in the eIDAS regulation. The e-platform diavgeia.gov.gr uses HARICA certificates to formally announce governmental and administrative decisions and resolutions. The e-National Social Security Fund (e-Efka) uses HARICA’s e-Seal and Server Certificates. EYATH, (Thessaloniki Water Supply and Sewerage Company) trusted us for the Qualified eSignatures and the Email Certificates (S/MIME) of its employees.

The Council of State, Administrative Regions of Greece, the Ministry of Labour of Cyprus, Municipalities, Professional Chambers, the Supreme Attorneys Associations, Notary Associations as well as European Organizations such as EU Agency for the Cooperation of Energy Regulators (ACER), CEDEFOP and private companies such as BETA CAE, KLEEMANN and SPACE HELLAS are a few of HARICA’s high-profile Subscribers that have entrusted us for adding security to their digital services.

Big Social and News networks such as Facebook use HARICA’s wildcard certificates, providing encrypted communications and data security to billions of their users.

In the demanding field of electronic payments, we issue PSD2 digital certificates in accordance with the European Payment Services Directive 2 (PSD2) and Regulation 910/2014 (eIDAS), providing the highest level of security. This is why banking institutions such as ALPHA BANK, OPTIMA BANK and Third-party Payment Provider (TPP) companies such as CARDLINK, MIA PAGO Ltd, Perlas Finance, and Money Capp trust HARICA to secure their electronic transactions.

Our accomplishments do not make us complacent, they motivate us to continue our efforts with even more enthusiasm, but also with more knowledge and experience to improve and expand HARICA’s trusted services, because for us “only sky is the limit”.

Thank you!

HARICA Achievements QTSP Certificates eSeal eSignature Remote Qualified eIDAS Server SSL/TLS Wildcard S/MIME PSD2
el
Policy Trust Resellers/Partners Data Privacy Statement
GREEK ACADEMIC NETWORK (GUnet)
University of Athens – Network Operation Center
Panepistimiopolis Ilissia
Postcode: 157 84 Athens, Greece
support@harica.gr
HARICA is the Hellenic Academic & Research Institutions Certification Authority. It participates in all major Global "ROOT CA" Trust Programs, and operates as a "Trust Anchor" in widely used Application Software and Operating Systems.
It has received a successful Conformance Assessment Report fulfilling the requirements of Regulation (EU) 910/2014 (also known as eIDAS) in the areas of "Qualified" Certificates for electronic Signatures/Seals, website authentication, and "Qualified" Timestamps.
© 2025 Harica - RSS