Requesting a Virginia Tech Class 1 Server Certificate - Virginia Tech Knowledge Base [answers.vt.edu]

Virginia Tech Knowledge Base [answers.vt.edu]

Quicklinks

/ / Requesting a Virginia Tech Class 1 Server Certificate

Requesting a Virginia Tech Class 1 Server Certificate

Time to Complete (in minutes): 60+

Question:: How do I request a Virginia Tech Class 1 Server Certificate?
Answer:

The Virginia Tech SSL Server Certificate enables SSL authentication and encryption services for networked application servers such as Web servers or E-mail. Application servers connecting to Virginia Tech computing resources where authentication and authorization services are required must use a digital certificate in order to communicate over a secured communication channel using SSL, or TLS protocols.

To request a Virginia Tech Class 1 Server Certificate:

Complete and submit the Request Approval to Enroll for VTCA Certificates online request form.
Notes:
- You must submit a new request for approval to enroll each time a SSL server certificate is needed.
- In the Certificate Profiles drop-down list, select either VT Class 1 Web Server or VT Class 1 Application Server.
Submit a Virginia Tech Class 1 Server Certificate Application Form by mail at Mail Code 0214 or by fax at (540) 231-3583.

Note: Specify the Common Name of your server on the Application Form.

Within one to two business days after your Application Form has been processed, you will receive an e-mail with instructions on how to enroll for your certificate. If you encounter problems with the enrollment process, contact IMS for assistance.
Follow the instructions provided in the e-mail you receive to submit your CSR (Certificate Signing Request) using the Enroll for Server Certificate Web form.
Notes:
- When completing the Enroll for Server Certificate Web form, use the user name provided in the e-mail and the password that you created when you submitted your Request Approval to Enroll for VTCA Certificates. If you received an e-mail notification that your request has been approved but you do not remember your password, you can re-request approval to enroll for a certificate and create a new password. You will receive another e-mail notification after your request has been approved.
- You will be required to upload a PEM- or DER-formated certification request file (CSR) or you may simply paste a PEM-formated request into the or pasted request text area on the Enroll for Server Certificate Web form.
              A PEM-formatted request is a BASE64 encoded certificate request starting with
              -----BEGIN CERTIFICATE REQUEST-----
              and ending with
              -----END CERTIFICATE REQUEST-----
- The method used for generating a CSR varies depending on which application will be using the SSL server certificate. Please follow the directions provided with your application software to generate a CSR. When asked for keysize during CSR generation, please specify a key size of at least 2048 bits when generating your key pair.
- The VTCA will ignore all DN attributes you specify in your CSR and instead will retrieve the DN attributes which you specified on the Request Approval to Enroll for VTCA Certificates online request form to be used in the subject entry of the certficate being issued to you. As a result, there are no special requirements to include specific DN attributes in the CSR that you generate. You may provide default values for any DN attributes which your CSR generation program/utility may require you to specify. Only the public key component of your public/private key pair is extracted from the CSR when you upload it to enroll for your certificate.
- If you are using OpenSSL, please refer to Using OpenSSL to Make a Request for a Virginia Tech Certification Authority (VTCA) Server or Application Certificate.
After submitting your CSR, your certificate will be issued immediately and will be available for you to download. The subject entry of your certificate will contain the following DN attributes which you provided in your request for approval to enroll for a VT certificate:
- CN = Your server name (e.g. servername.vt.edu)
- OU = Your department name (e.g. Budget and Financial Planning)
- O = Virginia Polytechnic Institute and State University
- L = Blacksburg
- ST = Virginia
- DC = vt
- DC = edu
- C = US
You will receive a follow-up e-mail confirming that your certificate has been issued and containing a link to use if you need to download your certificate again in the future.
To complete the installation and configuration of the server certificate, install the CA certificates chain on the server. For information on how to configure your application or server to use trusted CA chains, refer to your server documentation. If you have not already installed the VTCA trusted CA chain, download a file containing the VTCA trusted chain:
- In Firefox:
  1. Right-click on http://www.pki.vt.edu/gettingstarted/root/vtca_cachain.pem
  2. Select Save Link As...
- In Internet Explorer:
  1. Right-click on http://www.pki.vt.edu/gettingstarted/root/vtca_cachain.pem
  2. Select Save Target As...
Note: The VTCA trusted CA chain file contains the PEM-encoded certificates for the Virginia Tech Root CA, Virginia Tech Class 1 Server CA, and the Virginia Tech Middleware CA.

Article ID: 2849
Last updated: 01 Oct, 2009
Views: 580
Comments: 0
Print
Email to friend
Add comment