New Certificates

Verify the subdomain of the host you are requesting an SSL certificate for has already been approved by your Department InCommon Administrator (DRAO)
Verify the FQDN of the host you are requesting an SSL certificate for is properly registered in DNS
Go to the Certificate Manager at https://cert-manager.com/customer/InCommon/ssl?action=enroll
Enter your @uci.edu email address and use the Access Code given to you by your DRAO and click Check Access Code (OIT staff please see /wiki/spaces/adcom/pages/68016119)
Submit your CSR request (minimum 2048 bit required, wildcard certificates not allowed)
1. Most often, you will use "InCommon SSL (SHA-2)" as the Certificate Type
  1. Use "InCommon Multi Domain SSL (SHA-2)" or "InCommon Unified Communications Certificate (SHA-2)" when there is a legitimate requirement to have multiple SSL hostnames for the same IP address and port, this allows subject alternative names (SAN)
  2. Use "InCommon Intranet SSL (SHA-2)" for hosts on the UCI private network (10.*.*.*) that may not conform to public DNS
  3. If you need an EV (extended validation) certificate please let your DRAO know ahead of time
2. The Certificate Term is fixed at 1 year.
3. Enter CSR for your system and other related data
4. Optional: Add extra SAN entries for multi domain certificate type
5. Click Submit and the request will be routed to the DRAO(s) for approval
After all approvals and the certificate is generated and ready to use, a link will be emailed to you for download
1. Note: It can take up to 24 hours to obtain a certificate from Sectigo after it has been approved.
If you need technical support for problems related to the SSL Certificate request or installation please see https://sectigo.com/support

Renewal Certificates

If you still know the original Certificate ID and passphrase you used to request the certificate the first time, you can renew it by following this link: https://cert-manager.com/customer/InCommon/ssl

Browser not supported