If the size and nature of your user community suggest that this support is going to be difficult, it might be better to purchase a certificate from a well-known public CA, such as Thawte, and wait until the UW Services CA root certificate is better deployed within your user community. An InCommon-issued certificate may also be a good option in some cases.
The UW Services CA's root certificate can be obtained in a couple of ways. Use the root installation page to install it directly into a web browser, or visit the UWCA website to obtain it in PEM or DER format.
How to revoke a certificate
To revoke a UW Services CA certificate:
Email email@example.com with the CN (DNS Name) and expiration date of the certificate.
When to use multiple certificates
- Verify your system has the UW Services CA root installed.
- Log on to your Windows server as Administrator.
- Start the IIS Internet Services Manager.
- Display your web site properties.
- Select Directory Security > Server Certificate to run the Web Server Certificate Wizard.
- Select "Create a new certificate", click Next.
- Select "Prepare the request now, but send later", click Next.
- Type in any simple name (e.g. "MyExampleUWSCAcert") for the certificate. 1024 is a good bit length. Click Next.
- Type in Organization = "UW", Organization Unit = "" (actual text doesn't matter), click Next.
- Type your full DNS name for the Common Name, to conform to our DN policy.
- Select US for Country, type in "Washington" for state, and "Seattle" for city, click Next.
- Save the certificate request to a file (e.g. c:\certreq.txt).
- Finish the IIS Certificate Wizard.
- Open the certificate request file (e.g. in Notepad).
- Select the contents and copy them to the clipboard.
- Start a web browser, go to the UW Services CA web site (https://iam-tools.u.washington.edu/cs/), log in with your UW NetID, and select "New UWCA certificate".
- Choose the PEM method as you walk through the request process.
- Paste the contents of your certificate request file (e.g. c:\certreq.txt) into the "CSR" text field and submit your request.
- Wait for email acknowledging that your certificate has been issued.
- Go back to the UW Services CA web site, select the number corresponding with your current request from the list of Favorites, and click "Get PEM" or "Get PKCS 7" from the details display to the right.
- Copy, paste, and save the PEM certificate into a new file (e.g. c:\certfile.txt).
- Return to the Web Server Certificate Wizard.
- Process the pending request to install the new certificate (e.g. c:\certfile.txt).
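
Before pasting the request into the "CSR" field, the saved request file can be decoded on the server and its subject compared with the values typed into the wizard. This PowerShell check is an added example, not part of the original page or of UW's tooling; the function name Test-UwcaRequest and the host name www.example.washington.edu are hypothetical, and it assumes a Windows version that provides the X509Enrollment (CertEnroll) COM interface.

```powershell
# Added example: decode the request file saved by the IIS wizard and compare
# its subject with the values entered in the steps above.
# Test-UwcaRequest and www.example.washington.edu are hypothetical names.
function Test-UwcaRequest {
    param(
        [Parameter(Mandatory=$true)] [string] $Path,     # full path, e.g. c:\certreq.txt
        [Parameter(Mandatory=$true)] [string] $DnsName   # name typed as the Common Name
    )

    $text = [IO.File]::ReadAllText($Path)

    # CertEnroll PKCS #10 decoder. 6 = XCN_CRYPT_STRING_BASE64_ANY, which accepts
    # base64 with or without the BEGIN/END header lines that IIS writes.
    $req = New-Object -ComObject X509Enrollment.CX509CertificateRequestPkcs10
    $req.InitializeDecode($text, 6)

    $subject  = $req.Subject.Name   # e.g. "CN=..., OU=..., O=UW, L=Seattle, S=Washington, C=US"
    $problems = @()

    # The Common Name has to be a full DNS name, not a short host name.
    if ($DnsName -notmatch '^[a-z0-9-]+(\.[a-z0-9-]+)+$') {
        $problems += "'$DnsName' is not a full DNS name"
    }

    # Values from the wizard steps. Windows prints the state as "S=", other tools as "ST=".
    $expected = @(
        @('CN', $DnsName), @('O', 'UW'), @('L', 'Seattle'),
        @('S|ST', 'Washington'), @('C', 'US')
    )
    foreach ($pair in $expected) {
        # Match one whole RDN, bounded by a comma or the ends of the string (case-insensitive).
        $pattern = '(^|,\s*)(' + $pair[0] + ')=' + [regex]::Escape($pair[1]) + '\s*(,|$)'
        if ($subject -notmatch $pattern) {
            $problems += "subject lacks $($pair[0])=$($pair[1])"
        }
    }

    New-Object PSObject -Property @{
        Subject   = $subject
        KeyLength = $req.PublicKey.Length   # bit length chosen in the wizard
        Problems  = $problems
        Ok        = ($problems.Count -eq 0)
    }
}

# Usage with the example file name from the steps above.
Test-UwcaRequest -Path 'c:\certreq.txt' -DnsName 'www.example.washington.edu'
```

If Ok is False, rerun the wizard with corrected values instead of submitting the request; the Organization Unit is not checked because its text does not matter.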