Responsibilities of the DRAO

Should know how to use the InCommon Certificate Manager Admin Tool for managing certificates as documented in the InCommon Certificate Manager Administrator Guide (mainly chapters 1 and 2)
Request from the RAO only subdomains in campus DNS you should be allowed to approve certificate requests for in your department
Communicate to your department the process for people to request SSL certificates (see example)
When new requests come in, you should do ALL of the following before approving a request:
1. Verify email address of requester is in the UCI directory, be careful of similar looking letters/numbers
2. Verify you know the person making the request, or contact them if they don't
3. Verify they are an "owner" of the system and that the CN is registered properly in DNS
4. Verify there is a legitimate business need for the request
5. Verify all required information submitted with the CSR is correct from the user
  1. Verify certificate type is proper
  2. Verify subject alternative names (if applicable) are valid