SSL CSR generation and submissions

 About

Kansas State uses the InCommon Federation Certificate Service, operated by Internet2. The certificates use Comodo as the certification authority. The installation of these certificates are the same as other certificates but could require the inclusion of the Comodo Intermediate Root Certificate.

 Audience

  • Faculty
  • Staff

 Details 

To request or renew an SSL certificate, use the SSL Server Certificate request form. A certificate can only be issued with a 2048 bit CSR.

Note: When requesting a certificate, please include a distribution list that will be notified when the certificate is about to expire. If there is more than one list, feel free to include it as well.

Advantages

  • The ability to acquire certificates for one to two years.
  • Certificate types:
    • SSL (SHA-2)
    • Multi Domain SSL (SHA-2)
    • EV Anchor SSL
    • EV Multi Domain SSL
  • These certificates cover k-state.edu, ksu.edu and any other extension (.org, .com, .info, etc.). For any non k-state.edu or ksu.edu domain, the request may take up to 48 hours for initial verification.
  • Code Signing Certificates

Creating a basic private key & CSR

Use your application software to generate the 2048 RSA private key and CSR. OpenSSL is used for Apache and other applications.

Microsoft IIS

     Comodo site documentation for Microsoft IIS 7.0

     Comodo site documentation for Microsoft IIS 8.0

Java Based Web Servers (Tomcat) using Keytool

     Comodo site documentation for Java

Java Based Web Servers (OpenSSL)

     Comodo site documentation for Java

Oracle Wallet Manager

     Comodo site documentation for OracleWallet

Using OpenSSL (Apache w/mod_ssl, NGINX, OS X)

     Comodo site documentation for OpenSSL 

Other Platforms

     Comodo site documentation for Other Platforms

 

CSR conventions

Certain conventions must be followed for successful certificate generation:

DN Field

Explanation

Example

Country Name

Two letter ISO abbreviation in upper case

US

State or Province Name

State where organization is legally located, must be in mixed case

Kansas

City/Locality Name

City where organization is legally located. Valid cities would be Manhattan, Salina and Olathe

Manhattan

Organization Unit

Use your unit information

ITS, CTS, Salina Information Systems, Biology

Organization

Use the university information

Kansas State University

Common Name

The Fully Qualified Domain Name for your web server/service. This must be an exact match.

www.k-state.edu, www.ksu.edu 
Additional Subject Alternate Names ie. Campus.ksu.edu, .org, .net

 

For more information about Comodo, see the following: