Skip to end of metadata
Go to start of metadata
You are viewing an old version of this page. View the current version.
Compare with Current
View Page History
« Previous
Version 6
Next »
New Certificates
- Verify the subdomain of the host you are requesting an SSL certificate for has already been approved by your Department InCommon Administrator (DRAO)
- Verify the FQDN of the host you are requesting an SSL certificate for is properly registered in DNS
- Go to the Certificate Manager at https://cert-manager.com/customer/InCommon/ssl?action=enroll
- Enter your @uci.edu email address and use the Access Code given to you by your DRAO and click Check Access Code (OIT staff please see /wiki/spaces/adcom/pages/68016119)
- Submit your CSR request (minimum 2048 bit required, wildcard certificates not allowed)
- Most often, you will use "InCommon SSL (SHA-2)" as the Certificate Type
- Use "InCommon Multi Domain SSL (SHA-2)" or "InCommon Unified Communications Certificate (SHA-2)" when there is a legitimate requirement to have multiple SSL hostnames for the same IP address and port, this allows subject alternative names (SAN)
- Use "InCommon Intranet SSL (SHA-2)" for hosts on the UCI private network (10.*.*.*) that may not conform to public DNS
- If you need an EV (extended validation) certificate please let your DRAO know ahead of time
- Choose up to 3 year for Certificate Term
- Enter CSR for your system and other related data
- Optional: Add extra SAN entries for multi domain certificate type
- Click Submit and the request will be routed to the DRAO(s) for approval
- After all approvals and the certificate is generated and ready to use, a link will be emailed to you for download
- Note: It can take up to 24 hours to obtain a certificate from Comodo after it has been approved.
- If you need technical support for problems related to the SSL Certificate request or installation please see https://www.incommon.org/cert/support.html
Renewal Certificates
- If you still know the original Certificate ID and passphrase you used to request the certificate the first time, you can renew it by following this link: https://cert-manager.com/customer/InCommon/ssl
- Also InCommon won't allow you to renew an older SHA-1 certificate, you'll need to request a new SHA-2 certificate.
- Otherwise, you'll need to create a new CSR and follow the "New Certificate" instructions and replace the existing with a new one.