Last modified 3 weeks ago

Question:

How do I request a Virginia Tech SSL/TLS Certificate?

Answer:

Procedure to enroll for a VT Global Qualified Web Server certificate:

  1. Log in to the Certificate Manager to complete and submit the online request. (Note: you must submit a separate request for each SSL/TLS server certificate needed.)
    • Select InCommon TLS Web Server Certificates in the list of available certificates.
    • Specify a DNS name (other than the CN on the CSR you will generate) in the Subject Alternative Name field. You may enter more DNS names as needed.
    • Specify an Email address to be used for notifications when the certificate is issued or nearing expiration.
  2. Generate a CSR (Certificate Signing Request)
    • The method used for generating a CSR varies depending on the application that will use the SSL/TLS server certificate. Please follow the directions provided with your application software to generate a CSR. When prompted for a key size during CSR generation, please specify a key size of at least 2048 bits.
    • The CN must be included on the CSR. This differs from the previous form, but the InCommon Certificate Authority (CA) requires the CN on the CSR. The InCommon CA will generate all other DN attributes for you, so default values for them are acceptable.
  3. Upload a PEM- or DER-formatted certification request file (CSR) with the "Browse..." button.
  4. A PEM-formatted request is a BASE64 encoded certificate request starting with:

    -----BEGIN CERTIFICATE REQUEST-----
    and ending with
    -----END CERTIFICATE REQUEST-----

  5. After submitting the request, the following checks are performed for approval of your request. You only need one approval mechanism to be approved.
    1. You have an entitlement for the domain of the requested CN.
    2. You are the Domain Network Liaison (DNL) for the domain of the requested CN.
    3. You may choose to have an approval email sent to the DNL of the requested CN and the DNL may choose to approve or reject the request.
    4. You may choose to place a file at a given URL on the domain of the requested CN and the request will be approved.
  6. After the request has been approved, an email will be sent to the email address provided in the request with instructions on how to download your certificate. If you encounter problems, please contact Middleware for assistance at middleware-g@vt.edu.
  7. To successfully complete the installation of your InCommon TLS server certificate, the certificate, private key, and trusted certificate CA chain certificates MUST be configured using the instructions provided by your software application or web server. The trusted certificate CA chain will be included in the email.
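
One way to carry out step 2 and check the result before the upload in step 3, as an added example that is not part of the original procedure or VT's own tooling. It assumes the OpenSSL command-line tool is the CSR generator for your server; the function names, file names and the hostname used when calling it are placeholders.

```shell
#!/bin/sh
# Added example (not VT's tooling): create a key and CSR with OpenSSL, then
# check the CSR against step 2 before upload. Names here are placeholders.

# make_csr DIR CN [BITS]: writes DIR/server.key and DIR/server.csr
make_csr() {
    dir=$1; cn=$2; bits=${3:-2048}
    # Only the CN is set; per step 2 the CA fills in the other DN attributes,
    # and Subject Alternative Names are entered in the request form (step 1).
    cat > "$dir/req.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
[dn]
CN = $cn
EOF
    # umask keeps the unencrypted private key readable by its owner only.
    ( umask 077
      openssl req -new -newkey "rsa:$bits" -nodes -sha256 \
          -config "$dir/req.cnf" \
          -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null )
}

# check_csr FILE: returns 0 only for a parseable PEM CSR with a CN
# and a public key of at least 2048 bits.
check_csr() {
    csr=$1
    [ "$(head -n 1 "$csr" 2>/dev/null)" = "-----BEGIN CERTIFICATE REQUEST-----" ] \
        || { echo "not a PEM certificate request"; return 1; }
    [ "$(tail -n 1 "$csr")" = "-----END CERTIFICATE REQUEST-----" ] \
        || { echo "PEM footer missing (truncated file?)"; return 1; }
    text=$(openssl req -in "$csr" -noout -text 2>/dev/null) \
        || { echo "OpenSSL cannot parse the request"; return 1; }
    echo "$text" | grep -q 'Subject:.*CN *= *[^ ,]' \
        || { echo "CN missing from the CSR subject"; return 1; }
    keybits=$(echo "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    [ "${keybits:-0}" -ge 2048 ] \
        || { echo "key too small: ${keybits:-unknown} bits"; return 1; }
    echo "ok: CN present, $keybits-bit key"
}
```

Only server.csr is uploaded; server.key stays on the server and is the private key that step 7 configures alongside the issued certificate.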