Security: Submitting a Certificate Signing Request
System: (Unknown / Not Applicable if system not listed)
Subject: Your chosen Certificate Type
Problem Description: Obtain a new <Certificate Type> for example.xsede.org.
(If you are requesting a Multi Domain SSL Certificate,
generate your CSR with extra SubjectAltNames, or
list your additional server names here.)
(You can also specify an alternate email address
that should receive notifications, e.g.:
"Contact email: firstname.lastname@example.org")
Below is an example screenshot for requesting an InCommon Multi Domain SSL Certificate with several additional domains.
Installing The Certificate and Root CAs
Once your certificate request has been approved and processed, you will receive an email with instructions for downloading the certificate. You will probably want to select the "X509 Certificate Only, Base64 encoded" link. This will download just the certificate in a .cer file. Use this with the private key file you generated earlier (example-xsede-org.key) to secure your server.
The root CA certificates for InCommon IGTF Server Certificates are included in the IGTF CA Distribution and the XSEDE CA Distribution. You should update your server to use the latest version. However, you can also download just the InCommon IGTF CA Bundle specific to your new InCommon IGTF Server Cert.
For InCommon SSL Certificates (SHA-2) (i.e., web server certificates), there should be a link in the email you received which allows you to download the intermediate/root CAs. You will probably want to select the "X509 Intermediates/root only Reverse, Base64 encoded" link, as Java clients expect the intermediate certificates to be listed in a particular order.
Last Update: April 6, 2016