IAM
Space shortcuts

Log in to ASTRA
Manage UW Groups
Manage UW NetID Resources
Manage Certificates
Register/Update Shibboleth SP

IAM in Service Catalog

Access Management
Authentication
Directory Services
UW NetID
UW Directory
Microsoft Infrastructure

Page Tree

Child pages
  • Renew a Certificate from the InCommon CA
Skip to end of metadata
Go to start of metadata

Purpose

Describe how to renew an X.509 certificate from the InCommon CA via the UW Certificate Services website.

As part of the SHA-1 to SHA-2 migration (see Transition to InCommon SSL Certificates Signed with SHA-2), we've disabled renewals for InCommon SHA-1 certificates. At this point, renewal of a SHA-1 certificate would result in another SHA-1 certificate with a limited lifespan. There is no way to renew a SHA-1 certificate and get a SHA-2 certificate. As your InCommon SHA-1 certificate approaches its expiration date, you will need to request a new InCommon certificate. New certificates will be available with 1, 2, or 3 year lifespans and they will be signed with SHA-2. The renew option is available for InCommon SHA-2 certificates. 

Prerequisites

  • You already have an InCommon certificate
  • The certificate has not yet expired or has expired no more than 30 days ago

Procedure

  1. Browse to the UW Certificate Services website (authentication required): https://iam-tools.u.washington.edu/cs/
  2. Select the certificate you want to renew from your list of favorites or locate it by using the Search box
  3. In the right-hand panel of certificate details, click the "renew this certificate" link
  4. Wait for the certificate to be signed and issued by the InCommon CA (turn-around time is 1-3 days)
  5. UW Certificate Services will check the status of your request and notify you via email when your InCommon certificate has been issued (see example below)
  6. Follow the instructions for downloading your certificate in Obtain a Certificate from the InCommon CA, beginning with step 14 in that document
  7. That's it! If it takes longer than 72 hours for your certificate to renew, or you encounter another problem, please let us know at iam-support@uw.edu


Example: Email Notification

From: UW Certificate Services iam-support@uw.edu
Reply-To: help@uw.edu
To: you@uw.edu
Cc: jim1234@uw.edu, tim5678@uw.edu, slim90@uw.edu
Subject: Certificate #1234 issued for www.spud.washington.edu

Certificate #1234 for www.spud.washington.edu has been issued by InCommon.

Certificate Details:
Common name:  www.spud.washington.edu
Renewed:    Fri Aug 12 13:06:03 PDT 2011 by you
Expires:      Mon Aug 11 16:59:59 PDT 2014
InCommon ID:  56765

You may retrieve the certificate from the UW Certificate Service website:
https://iam-tools.u.washington.edu/cs/cert?id=1234

** Tip ** : UW Certificate Services determines ownership of certificate
requests and sends email notifications based on contact information in
DNS managed by UW-IT. You are receiving this message because you
requested this certificate or because you're a registered DNS contact
for the certificate's common name or one of its alternative names.
Requests for changes to the contact list for your DNS name(s) should be
emailed to netops@uw.edu.

Have a question? Contact us at iam-support@uw.edu.