/
InCommon Certificate Service - DRAO Responsibilities
InCommon Certificate Service - DRAO Responsibilities
- Joshua Drummond
Owned by Joshua Drummond
Last updated: Mar 06, 2015
Responsibilities of the DRAO
- Should know how to use the InCommon Certificate Manager Admin Tool for managing certificates as documented in the InCommon Certificate Manager Administrator Guide (mainly chapters 1 and 2)
- Request from the RAO only subdomains in campus DNS you should be allowed to approve certificate requests for in your department
- Communicate to your department the process for people to request SSL certificates (see example)
- When new requests come in, you should do ALL of the following before approving a request:
- Verify email address of requester is in the UCI directory, be careful of similar looking letters/numbers
- Verify you know the person making the request, or contact them if they don't
- Verify they are an "owner" of the system and that the CN is registered properly in DNS
- Verify there is a legitimate business need for the request
- Verify all required information submitted with the CSR is correct from the user
- Verify certificate type is proper
- Verify subject alternative names (if applicable) are valid
, multiple selections available,