Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Verify that you are registered as a contact for your DNS name. Your UW NetID may not have been added to the DNS record when the DNS name was established. If need be, update the contact information. For help with this step, refer to Managing DNS Names For Infrastructure Services Access
  2. Go to the UW Certificate Services website.
  3. The UW Services CA website is obsolete and the ActiveX method is no longer supported on recent version of Windows.
  4. Click "New Certificate"
  5. Click the "Verify DNS Ownership" tab.
  6. Enter the fully qualified domain name (e.g. <hostname>.<subdomain>.washington.edu or <appname>.<subdomain>.washington.edu) and click "Verify ownership." If the response confirms your ownership, go to the next step. Otherwise go back to step 1.
  7. Click on either the "New UWCA Certificate" or the "New InCommon Certificate" tab.
    1. Additional details specific to an InCommon certificate can be found here.
  8. Paste your certificate request into the CSR window. The request must be in PEM format. PEM is a text encoding (base-64) of the binary certificate request.
    1. A CSR includes information that is used to create a certificate. This includes but is not limited to:
      1. Attributes of the certificate like state and country where it will be used. These two values must be set to Washington and US respectively. These values are part of the Subject property of the certificate.
      2. The common name (CN) which for a web site or service is its DNS name.
      3. The certificate public key. The public/private key pair are generated as part of the CSR creation.
        Note: InCommon Certificates require 2048 bit public/private keys.
    2. There are a number of different tools that can be used to generate a CSR. One popular tool is openSSL. openSSL can be obtained (in source code form) from the openSSL.org website. It is also installed as part of a Shibboleth installation and with most Linux distributions.
  9. Choose the appropriate certificate type from the Type drop-down.
  10. Choose the type of web server you will be using along with the number of servers.
  11. Choose a certificate lifetime. Certificates used for testing should have a short lifetime. Production certificates are usually valid for 2 or 3 years.
  12. Click "Submit" to finish your request. You should receive a confirmation within 10 min. 

...