Versions Compared

Version Old Version 3 New Version 4
Changes made by

LEE KNUTSON

LEE KNUTSON

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This page is available to list information and links to support pages with information useful for system administrators responsible for utilizing the InCommon Certificate Service.

Table of Contents

Requesting and Installing a certificate

IIS (Windows)

Requesting a new certificate

...

If you are replacing a server that currently has an InCommon certificate in use, you can migrate the certificate to the new server, avoiding the need to issue a new CSR and wait for a new certificate to be generated. This can be done even if the new server is using a different version of Windows and IIS than the existing server. Here are the directions for Exporting and Restoring a PFX file to IIS 

Apache httpd (Linux/Unix)

...

Follow these directions to generate a certificate signing request (CSR): CSR Generation: Using OpenSSL (Apache & mod_ssl, NGINX)

Installing a new certificate
Once you have been notified by InCommon that your certificate has been generated, follow these directions to install the certificate: Certificate Installation: Apache & mod_ssl Note that you should use the "X509 Certificate only, Base64 encoded" link to download the client certificate, and the "X509 Intermediates/root only Reverse, Base64 encoded" link to download the intermediate and rootcertificates, for use with httpd.

Tomcat (Windows)

The easiest method of getting SSL protection in Tomcat on Windows is to first request and install a certificate in IIS (even if no website is hosted by IIS), and the export the certificate from IIS, to import into Tomcat. To export an SSL certificate from IIS for use with Tomcat on Windows, follow these directions: Export SSL Certificate from IIS and Import into Tomcat

Tomcat (Linux/Unix)

To import an existing SSL key and certificate in Linux/Unix to Tomcat, follow these instructions: Importing existing SSL key and certificate for tomcat

Testing Certificate Installation

Verifying proper certificate chaining

A common issue when installing a certificate is that the chain of:
  • AddTrust Root Certificate
  • InCommon Intermediate Certificate, and
  • Client Certificate

are not installed properly. Pieces of the certificate can be missing, or installed in an improper order. To test that the certificate is working as expected, use one of the sets of directions below. (Testing should need to be done with only a single browser.)

Verifying certificate chaining with Internet Explorer
Verifying certificate chaining with Firefox