Requesting Digital Server Certificates
**Please note that ALL Certificates issued from this service use a chained certificate hierarchy. To avoid any Intermediate CA Certificate browser errors, be sure you have installed all of the required certificates on your system. For more information, please visit our FAQ section.**
The Information Security and Policy Office (ISPO) offers centrally funded digital certificates to UI System Administrators through the InCommon Digital Certificate service.
How do I get a digital certificate for my iowa-domain system?
There are 2 ways with which to do this.
- Campus System Admins (ITS, HCIS etc.) should contact The Information Security and Policy Office or your Departmental Registration Authority Organization (DRAO – “certificate approver”) to get your unique departmental “Access Code”. Follow the steps below using that DRAO-specific code in place of the enterprise code listed below.
- UI departments that have no DRAO should login to the Enterprise Account, and fill out the certificate request form, using our Enterprise Access Code: uiowa-1nC0m.
How to fill out the online certificate request form
- Go to https://cert-manager.com/customer/InCommon/ssl?locale=en
- Select Certificate Enrollment
- Enter in the Access Code: uiowa-1nC0m and your university e-mail address; click the Check Access code button to proceed (non-university e-mail addresses will not work).
Make certain all fields on the form with the red asterisk are correctly filled out
4. Choose the type of Digital Certificate you need (certificate descriptions and restrictions below)
5. Fill in the Common Name (CN)
6. Choose the appropriate server OS
7. Select the validity period of the SSL
8. Paste in your 2048-bit CSR – Note: the interface will not accept any key lengths less than 2048-bit.
9. Enter a pass-phrase (required to revoke the certificate)
10.Add in additional comments you would like to associate the certificate with (these will not be included in the certificate).
11. Select “Submit”
Once approved you should receive an e-mail with instructions on how to download and install the digital certificate.
NOTE: While most certificate requests are processed within 24 hours, we only guarantee a 72 hour turnaround time on requests. Therefore, it is imperative that you plan accordingly. Digital Certificates will NOT be issued outside of normal business hours.
If you have questions or problems processing your request for a digital certificate using the steps described above, contact The Information Security and Policy Office or your DRAO to have them process the Certificate request on your behalf.
Available Digital Certificate Options:
|InCommon SSL||Single fully qualified domain name certificate.|
|InCommon Multi-Domain||Secures up to 100 different domain names on a single certificate.|
|InCommon Wild Card SSL||
Secures the domain and unlimited sub-domains of that domain. These must be preapproved by the ISPO.
|InCommon Unified Communications Certificate (UCC)||Subject Alternate Name certificate. Must be reissued each time you add a new host/domain name.|
|Extended Validation (EV) SSL/TLS||Extended Validation certificates provide the highest levels of encryption, security and trust and immediately reassure web site visitors that it is safe to conduct online transactions by turning the address bar green on next generation browsers.|
|Client or S/MIME Certificate||Secure/Multipurpose Internet Mail Extensions (S/MIME) or Client certificates, used primarily to digitally sign or encrypt e-mail messages.|
Secure/Multipurpose Internet Mail Extensions (S/MIME) or Client certificates, used primarily to digitally sign or encrypt e-mail messages.
Extended Validation (EV) Certificates
EV Certificates are available from Comodo through the University's Digital Certificate Service. Due to the nature of the validation, the process for obtaining an EV certificate is significantly longer approximately two-four weeks; so please plan ahead.
Requesting EV Certificates
Follow the instructions above to get to the online certificate request form then fill out all of the fields, making sure you select "Extended Validation (EV) SSL/TLS" in the drop down “Type” field, paste in the CSR and submit the form. Send an e-mail in to email@example.com to have the ISPO complete the EV request process.
For more information about the InCommon Cert Service, click on one of the appropriate links below:
Instructions on how to generate a CSR visit: https://support.comodo.com/index.php?_m=knowledgebase&_a=view&parentcategoryid=33
Technical support and troubleshooting is being provided by Comodo via email, a web ticketing system and telephone. Comodo's web site includes a Knowledge Base and step-by-step troubleshooting guide.
More information can be found at support.comodo.com.
Please note: you must register an account before you can take advantage of their support.
* Email: firstname.lastname@example.org (24x7)
* Web: support.comodo.com (24x7)
* Phone:+1-888-266-6361, +1-703-581-6361 (5:00 AM – 8:00 PM EST, Mon-Fri)
TLS Server Certificates FAQ | TLS Certificate Guidelines |