This site requires JavaScript to be enabled
138 views
Last modified 2 weeks ago

Question:

How do I request a Virginia Tech SSL/TLS Certificate?

Answer:

Procedure to enroll for a VT Global Qualified Web Server certificate:

  1. Complete the Global Qualified Web Server Certificate request form from the Service Catalog. Once the request has been approved you will receive an email with a link to enroll for a VT Global Qualified Web Server certificate.
  2. Login to the VTCA Certificate Manager to complete and submit the online request.  (Note: you must submit a separate request for each SSL/TLS server certificate needed.)
    • Select VT Global Qualified Web Server in the list of available certificates.
    • Specify the Common Name of your server.
    • Specify a DNS name in the Subject Alternative Name field. At a minimum this should be the same as the Common Name above, you may enter more DNS names as needed.
    • Specify an Email address to be used for notifications when the certificate is issued or nearing expiration.
    • Verify that the Email entered above is correct.
  3. Generate a CSR (Certificate Signing Request)
    • The method used for generating a CSR varies depending on the application which will be using the SSL/TLS server certificate. Please follow the directions provided with your application software to generate a CSR. When requested for keysize during CSR generation, please specify a key size of at least 2048 bits.
    • The VTCA (Virginia Tech Certification Authority) will generate DN attributes for you, so default values are acceptable. 
  4. Upload a PEM- or DER-formatted certification request file (CSR) with the "Browse..." button or paste a PEM-formated request into the text area.

    A PEM-formatted request is a BASE64 encoded certificate request starting with:
    -----BEGIN CERTIFICATE REQUEST-----
    and ending with
    -----END CERTIFICATE REQUEST-----

  5. After enrolling, an email will be sent to the email address provided in the request with instructions on how to download your certificate within one or two business days. If you encounter problems please contact IMS for assistance at imsed@vt.edu
  6. To successfully complete the installation of your VTCA SSL/TLS certificate, the certificate, private key, and VTCA trusted certificate CA chain certificates MUST be configured using the instructions provided by your software application or web server. The VTCA trusted certificate CA chain consists of the following three CA certificates. You may right click and save each certificate:

If you are configuring Microsoft IIS, download and manually import the Virginia Tech Global Qualified Server CA  and Trusted Root CA SHA256 G2 certificates into the IIS “Intermediate Certification Authorities” certificate store using the Microsoft Management Console (MMC) certificates snap-in. Also verify that the GlobalSign Root CA R3 certificate is listed in the “Trusted Root Certification Authorities” certificate store.