Versions Compared

Version Old Version 8 New Version Current
Changes made by

First Last

Edward Ned Harvey

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

How to request an SSL certificate

InCommon SSL certificates

To begin the process of requesting an InCommon SSL certificate (new or renewal):

  • There is no cost to the community for InCommon certificates.

InCommon SSL certificates

  1. Generate a Certificate Signing Request
    Info

    Please note that InCommon requires that all CSRs be generated with a minimum of 2048 bits.

  2. Fill out a form using TechConnect/Service Catalog/Catalog/SSL Certificate request
    or alternatively
    Send email to cert-admin@tufts.edu including:
    1. The service name that you want to have certified. Note that this often is different from the actual machine name(s).
      • For example: certificate / service name docs.uit.tufts.edu --> actual machine prod-docs-01.uit.tufts.edu
    2. How many years the certificate is for (up to a maximum of 3).
    3. How many machines the certificate is for (e.g. load balanced servers all sharing the same certificate) and the names of those machines.
    4. A contact name, telephone number, and email address for the GROUP administering the server.
    5. The CSR generated in step 2 above. For best results, include the CSR as a text file attachment to the email, but just pasting the CSR text into an email will usually work.
  3. After you submit the ticket, the ESS will submit your CSR to the InCommon Certification Authority and approve it for signing. Once this process is completed, you will receive an email with a link to download your certificate. You'll also receive a followup communication from the ESS.
  4. Once you verify that the certificate is valid, please update the TechConnect ticket (by replying to the ticket auto-response email you received when submitting your request or any subsequent correspondence) indicating as much.
  5. Once you have installed your InCommon SSL Certificate, you can verify that the installation was successful by using the SSL Certificate Installation Analyzer. Please be aware that the Intermediate/root certificate to the InCommon Certificate Authority may need to be installed.

...

This content has been moved to /wiki/spaces/EnterpriseSystems/pages/89464035