Security: Submitting a Certificate Signing Request

After you have decided on a certificate type and generated a CSR, request an XSEDE certificate by creating an XUP support ticket or by sending email to help@xsede.org with the following information.

Category: Certificates
System: (Unknown / Not Applicable if system not listed)
Subject: Your chosen Certificate Type
Problem Description: Obtain a new <Certificate Type> for example.xsede.org.
                             (If you are requesting a Multi Domain SSL Certificate,
                             generate your CSR with extra SubjectAltNames, or
                             list your additional server names here.)
                             (You can also specify an alternate email address
                             that should receive notifications, e.g.:
                             "Contact email: example_admin@example.edu")

Attachment: example-xsede-org.csr

Below is an example screenshot for requesting an InCommon Multi Domain SSL Certificate with several additional domains.

Installing The Certificate and Root CAs

Once your certificate request has been approved and processed, you will receive an email with instructions for downloading the certificate. You will probably want to select the "X509 Certificate Only, Base64 encoded" link. This will download just the certificate in a .cer file. Use this with the private key file you generated earlier (example-xsede-org.key) to secure your server.

The root CA certificates for InCommon IGTF Server Certificates are included in the IGTF CA Distribution and the XSEDE CA Distribution. You should update your server to use the latest version. However, you can also download just the InCommon IGTF CA Bundle specific to your new InCommon IGTF Server Cert.

For InCommon SSL Certificates (SHA-2) (i.e., web server certificates), there should be a link in the email you received which allows you to download the intermediate/root CAs. You will probably want to select the "X509 Intermediates/root only Reverse, Base64 encoded" link, as Java clients expect the intermediate certificates to be listed in a particular order.

Last Update: April 6, 2016

Key Points
Expect it to take up to 2 business days to issue a certificate.
Contact Information