...
Generate a Certificate Signing Request
Info Please note that InCommon requires that all CSRs be generated with a minimum of 2048 bits.
Submit a ticket to ESS via TechConnect:
. Please include:
- The service name that you want to have certified. Note that this often is different from the actual machine name(s).
For example: certificate/service name = docs.usg.tufts.edu --> actual machine = conglomerate.usg.tufts.edu - How many years the certificate is for? Maximim is three years.
- How many machines the certificate is for (e.g. load balanced servers all sharing the same certificate) and the names of those machines.
- A contact name, telephone number, and email address for the group administering the server.
- The CSR generated in Step 1 above. For best results, include the CSR as a text file attachment to the email, but just pasting the CSR text into an email will usually work.
ESS will submit your CSR to the InCommon Certification Authority and approve it for signing. Once this process is completed, you will receive an email with a link to download your certificate. You'll also receive a followup communication from the ESS.
- The service name that you want to have certified. Note that this often is different from the actual machine name(s).
- Once you verify that the certificate is valid, please update the TechConnect ticket (by replying to the ticket auto-response email you received when submitting your request or any subsequent correspondence) indicating as much.
- Once you have installed your InCommon SSL Certificate, you can verify that the installation was successful by using the SSL Certificate Installation Analyzer. Please be aware that the Intermediate/root certificate to the InCommon Certificate Authority may need to be installed.
...