Print
Print:
Body
Related Articles
Related Services / Offerings
InCommon / Request an SSL certificate
Body
Objective
To provide instruction on requesting an SSL certificate for a web server through InCommon-Sectigo Certificate Service
Environment
Security
12587: Certificate Services
InCommon-Sectigo Certificate Service
Procedure
Prior to making a certificate request, you must create a CSR (certificate signing request)
If you need assistance in generating your CSR,
go to the Sectigo/Comodo Knowledgebase
and search for your web server type
Certificate requests can be made using the InCommon Enrollment form
If you do not have the Miami's access code, email
infosec@miamioh.edu
to obtain the code
Miami is on a course to automate as much of our certificate generation and renewals as possible using ACME and certbot. If you're part of IT and would like to participate in our automation effort please reach out to the appropriate group for the underlying operating system EO (Linux) or the Windows team (Windows Servers). These groups will create, renew and distribute the certificate to your server for consumption so there is no need for you to create the CSR or submit the certificate request via InCommon
Go to the InCommon Certificate Request Enrollment form
Enter a group or departmental email, NOT your individual Miami email address, to receive a validation email for authentication to the enrollment form. Individual email addresses will be rejected
Open your email and either click the
Confirm Authentication Request
button or copy/paste the provided URL into your browser
Select
Enroll
in the upper-right of the resulting page
Enter Miami's access code (do not select an enrollment account, the access code is all should be entered)
From the
Certificate Type
drop-down select one of the following options:
InCommon SSL (SHA-2) (customized for Miami University)
— a single certificate for a fully qualified domain name
InCommon Wildcard SSL Certificate (SHA-2) (customized for Miami University)
InCommon Multi Domain SSL (SHA-2) (customized for Miami University)
— multiple fully-qualified domains on a single certificate
From the
Certificate Term
drop-down, select
1 year
From the
Server Software
drop-down, select the appropriate option
If the server type is not listed, choose
OTHER
, and include additional information about the server in the
Comments
field
Copy/paste or upload the CSR to the
CSR
field
Enter the fully qualified domain name in the
Common Name
field
The request will not be submitted for review and approval if the common name is not the fully qualified domain name
DO NOT use the pass-phrase section when submitting a certificate request or check the auto renewal box
In the
Comments
field, enter a description of the server including the server name and service it provides:
Wildcard Certificate Requests
For the required field for servers, the number of servers in most cases will be one
The option for the
Certificate Term
field will be for two years only
Multi-domain Requests
After selecting
InCommon Multi Domain SSL (SHA-2)
, the
Subject Alternative Names
option under the
Common Name
field will appear. This field (required) allows you to enter alternative domain names for a single certificate
Once you have received and installed your certificate,
submit a request for a Nagios alert
to track the service, ensuring that you are alerted before the certificate expires
Notes
Best Practice: SSL/TLS certificate guidelines
Submitted requests may take up to four hours to be processed and validated by Sectigo. If you do not receive the email with the subject title "Enrollment Successful" within 24 hours of submitting your request, please contact Security Compliance and Risk Management office to have the request expedited. The certificate should then be issued within an hour of being expedited
If you have problems with an issued certificate and need to re-submit a CSR, email
infosec@miamioh.edu
; include the new CSR and the full common name instead of submitting a new certificate request using the InCommon enrollment form. The issued certificate will be replaced using the newly generated CSR
Once the certificate has been approved, you will receive an email with information on downloading the certificate
To ensure that all clients can verify the trust chain of the certificate, you must install the Intermediate CA Chains.
See related articles
for instructions on how to install Intermediate CA Chains
If you need help,
submit a ticket to Sectigo Support/Ticket Requests
. You will need the order number for the certificate in question: You will find it in the email you received with the certificate information (i.e., Order Number: XXXXXXX)
Additional Resources:
Visit the Sectigo Knowledgebase
Details
Details
Article ID:
5799
Created
Wed 5/20/15 9:17 AM
Modified
Wed 10/16/24 12:06 PM
Can you resolve this issue yourself?
Yes! This is self-service with a smile.
Related Articles
Related Articles (1)
Best Practice: SSL/TLS certificate guidelines
Related Services / Offerings
Related Services / Offerings (1)
Request a Nagios alert for a SSL certificate