...
InCommon SSL certificates
- Generate a Certificate Signing Request
Info Please note that InCommon requires that all CSRs be generated with a minimum of 2048 bits.
- Fill out a form using TechConnect/Service Catalog/SSL Certificate request
or alternatively
Send email to cert-admin@tufts.edu including:
- The service name that you want to have certified. Note that this often is different from the actual machine name(s).
- For example: certificate / service name docs.uit.tufts.edu --> actual machine prod-docs-01.uit.tufts.edu
- How many years the certificate is for (up to a maximum of 3).
- How many machines the certificate is for (e.g. load balanced servers all sharing the same certificate) and the names of those machines.
- A contact name, telephone number, and email address for the group GROUP administering the server.
- The CSR generated in step 2 above. For best results, include the CSR as a text file attachment to the email, but just pasting the CSR text into an email will usually work.
- After you submit the ticket, the ESS will submit your CSR to the InCommon Certification Authority and approve it for signing. Once this process is completed, you will receive an email with a link to download your certificate. You'll also receive a followup communication from the ESS.
- Once you verify that the certificate is valid, please update the TechConnect ticket (by replying to the ticket auto-response email you received when submitting your request or any subsequent correspondence) indicating as much.
- Once you have installed your InCommon SSL Certificate, you can verify that the installation was successful by using the SSL Certificate Installation Analyzer. Please be aware that the Intermediate/root certificate to the InCommon Certificate Authority may need to be installed.
If you have any questions, please email cert-admin@tufts.edu.