Requesting an SSL Certificate
We request SSL certificates for
*.ncsa.illinois.edu domains through NCSA Security:
New Documentation from NCSA Security
See NCSA Certificate Requests for more detailed documentation.
Online instructions for creating CSR don't yet explain how to do SHA2 certificates. Below is how we're generating CSRs for 4k bit, SHA2 certs:
See https://www.xsede.org/security/certificates/csr for an example for requesting a SAN (subjectAltName) certificate so the cert works for multiple hostnames.
- Verify the CSR for any possible errors at https://www.sslshopper.com/csr-decoder.html
- Mail the CSR to firstname.lastname@example.org to create a ticket
NCSA Security handles these directly with InCommon (rather than CITES), so the certs are identical to what we used to get through CITES. Here is a URL for additional information about their certificates:
Certificates are free and can last for up to 2 years.
Basically they just need us to supply them 4096 bit CSR request.
Non-NCSA illinois.edu Domains:
We purchase SSL certificates for generic
*.illinois.edu domains through CITES:
Here is a URL for additional information about their certificates:
Certificates are $38 for up to 2 years.
Basically they just need us to supply them 4096 bit CSR requests along with a University CFOP account and email contact.
Karen Hartman says that we need to have the correct activity code as well, so before purchasing any certificate we are supposed to contact the business office to get the appropriate code.
illinois.edu domains, apparently we can obtain those through NCSA Security if NCSA owns the domain name. If not, we can continue to purchase SSL certificates through InstantSSL/Comodo.
Installing Intermediate Certificates
The InCommon SSL certificates from CITES always require the additional installation of an intermediate certificate:
- Intermediate InCommon Server CA: http://certmgr.techservices.illinois.edu/technical.htm
The above intermediate certificate is signed by Comodo's CA Root certificate, which may also need to be installed:
- Comodo Add Trust External CA Root: https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=10&nav=0,1