SSL Certificate Request Help

SSL Certificate Request Help

To install a SSL certificate on a web server you need to fill out the SSL Certificate Request in the Service Catalog in TeamDynamics.  The information below describes what the end user/server admin needs to do in order to request a SSL certificate.

SSL certificates are used to encrypt data.  These are installed on a web server and most commonly used for https traffic on the internet.  Typically, SSL is used to secure credit card transactions, data transfer and logins, and more recently is becoming the norm when securing browsing of social media sites. SSL Certificates bind together: A domain name/server name & an organizational identity /location.  If you are over a server and need to request one it is recommended that you create a CSR (Certificate Signing Request). To do that there are written instructions on DigiCert’s website below.  DigiCert is where we get all of our SSL Certificates. 

 

CSR Creation

The most common requests are IIS, Apache, and Java SSL Certificate requests.  To generate a CSR you will need to input some information about the server and the organization.  When generating a CSR it is important to make sure that you have at least a key size of 2048 or higher.  Normally IIS and other web services want to create one that is only 1024 bits.   The higher this is set at the more secure the key will be for the certificate.  2048 is plenty secure for our work here on campus, but you are welcome to select 4096, or higher if needed.  The other parts of information you will need are the following:

  • Common Name: yourservername.byui.edu
  • Organization: Brigham Young University-Idaho
  • Department: IT
  • City: Rexburg
  • State: ID
  • Country: USA

 

How to create a CSR use one of the links below:

IIS 7: http://www.digicert.com/csr-creation-microsoft-iis-7.htm

Apache: http://www.digicert.com/csr-creation-apache.htm

Java: http://www.digicert.com/csr-creation-java.htm

Other: http://www.digicert.com/csr-creation.htm

 

Certificate Installation Links:

IIS 7: http://www.digicert.com/ssl-certificate-installation-microsoft-iis-7.htm

Apache: http://www.digicert.com/ssl-certificate-installation-apache.htm

Java: http://www.digicert.com/ssl-certificate-installation-java.htm

Other: http://www.digicert.com/ssl-certificate-installation.htm

 

Once the CSR has been created please fill out the form below with the CSR (copy and paste the text inside the csr file into the text box) and other information, and you will get a certificate to install on your web server within a business day.  Some of the other import fields on the request form are described below:

  • Requestor – The person requesting the certificate
  • Server name -  The fully qualified domain name like: web.byui.edu
  • Other Hostnames – Other server names you want to be included in the certificate. This allows you to request one certificate for a service that is load balanced and then you can install the one certificate on all servers
  • Extended Validated – SSL Certificates can have an optional flag that makes the web browser make a green box in the URL that shows that this is a very secure site.  Certificates with Extended Validated get this special treatment but the certificate will be valid for only 2 years instead of 3 years. Also some custom web applications do not like extended validated certificates.  Apache and IIS work fine with extended validated certificates but some custom ones like Cisco do not do very well with those types of certificates.  If you are unsure select No for extended validated
  • Need Help on Installation – Select yes here if you want Infrastructure to help you install the certificate.  If you are unsure select yes and we will work with you on how to get it installed

 

If you will need to request many certificates every year contact Blake Grover to be setup as an authorized user to create certificates.  For any questions regarding this form contact Blake Grover at 496-7045

Was this helpful?
0 reviews

Details

Article ID: 352
Created
Wed 9/3/14 1:51 PM
Modified
Wed 9/27/17 10:57 AM