Last modified 2 months ago


How do I request a Virginia Tech Middleware client certificate?


Procedure to enroll for a Virginia Tech Middleware certificate:

  1. Search "Middleware Client Certificate" in the Service Catalog and complete the request form.
  2. Login to the Certificate Manager and submit an online request.  
    • Select VT Middleware Client in the list of available certificates.
    • Specify the Common Name (MUST BE the same name as the ED-ID Service name).
    • Specify the Organization Unit (Should be your department name).
    • Specify an Email address to be used for notifications when the certificate is issued or nearing expiration.
  3. Generate a CSR (Certificate Signing Request)
    • The method used for generating a CSR (OpenSSL is the most common) varies depending on the application which will be using the certificate. Please follow the directions provided with your application software to generate a CSR. When requested for keysize during CSR generation, please specify a key size of at least 2048 bits when generating your key pair.
    • The VTCA (Virginia Tech Certification Authority) will generate DN attributes for you, so default values are acceptable.
    • If you are using OpenSSL, please refer to Our OpenSSL instructions for an example on generating a CSR.
  4. Upload a PEM- or DER-formatted certification request file (CSR) with the "Browse..." button or paste a PEM-formatted request into a text area.

    A PEM-formatted request is a BASE64 encoded certificate request starting with:
    and ending with

  5. After enrolling, an email will be sent to the email address provided in the request with instructions on how to download your certificate within one or two business days. If you encounter problems please contact IMS for assistance at imsed@vt.edu
  6. To complete the installation and configuration of the Middleware client certificate, the VTCA trusted certificate CA chain MUST also be installed for use by the application. Please refer to your server documentation on how to configure your application (or server) to use trusted CA chains. If you have not already installed the VTCA trusted certificate CA chain, you can download the chain here.