Versions Compared

Version Old Version 16 New Version Current
Changes made by

Former user

Edward Ned Harvey

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

How to request an SSL certificate

InCommon SSL certificates

To begin the process of requesting an InCommon SSL certificate (new or renewal):

  • There is no cost to the community for InCommon certificates.

InCommon SSL certificates

  1. Generate a Certificate Signing Request

    Info

    Please note that InCommon requires that all CSRs be generated with SHA-256 and a minimum of 2048 bits.

    Submit a ticket to ESS via TechConnect:

    Service Catalog > How Can We Help You? > SSL Certificate Request

    .  Please include:

    • The service name that you want to have certified. Note that this often is different from the actual machine name(s).
      For example: certificate/service name = docs.usg.tufts.edu --> actual machine = conglomerate.usg.tufts.edu
    • How many years the certificate is for? Maximim is three years.
    • How many machines the certificate is for (e.g. load balanced servers all sharing the same certificate) and the names of those machines.
    • A contact name, telephone number, and email address for the group administering the server.
    • The CSR generated in Step 1 above. For best results, include the CSR as a text file attachment to the email, but just pasting the CSR text into an email will usually work.

    ESS will submit your CSR to the InCommon Certification Authority and approve it for signing. Once this process is completed, you will receive an email with a link to download your certificate. You'll also receive a followup communication from the ESS.

  2. Once you verify that the certificate is valid, please update the TechConnect ticket (by replying to the ticket auto-response email you received when submitting your request or any subsequent correspondence) indicating as much.
  3. Once you have installed your InCommon SSL Certificate, you can verify that the installation was successful by using the SSL Certificate Installation Analyzer. Please be aware that the Intermediate/root certificate to the InCommon Certificate Authority may need to be installed.

If you have any questions, please email ess@tufts.edu.

 

For issues with certificate requests, e.g certificate can't be issued with specific Subject Alternative Names, contact InCommon support. Information is located here: https://www.incommon.org/certificates/support.html

Telephone support (available Monday through Friday, 4 AM to 8 PM Eastern)

...

This content has been moved to /wiki/spaces/EnterpriseSystems/pages/89464035