Requesting Digital Server Certificates

**Please note that ALL Certificates issued from this service use a chained certificate hierarchy. To avoid any Intermediate CA Certificate browser errors, be sure you have installed all of the required certificates on your system. For more information, please visit our FAQ section.**

The Information Security and Policy Office (ISPO) offers centrally funded digital certificates to UI System Administrators through the InCommon Digital Certificate service.
 

How do I get a digital certificate for my iowa-domain system?

There are 2 ways with which to do this.

  1. Campus System Admins (ITS, HCIS etc.) should contact The Information Security and Policy Office or your Departmental Registration Authority Organization (DRAO – “certificate approver”) to get your unique departmental “Access Code”.  Follow the steps below using the DRAO-specific code in place of the enterprise code listed  below.
  2. UI departments that have no DRAO should login to the Enterprise Account, and fill out the certificate request form, using our Enterprise Access Code: uiowa-1nC0m.

Steps on how to complete an online certificate request form

  1. Go to https://cert-manager.com/customer/InCommon/ssl?locale=en
  2. Select Certificate Enrollment
  3. Enter in the Access Code: uiowa-1nC0m and your university e-mail address; click the Check Access code button to proceed (non-university e-mail addresses will not work).
Department Access Codes
Enterprise (UIOWA) Access Code uiowa-1nC0m
OneIT Web Services
1IT47h3w1n
ITS-Research
its! Re4ch-
ITS-EI-SST
e1-SS-cert
ITS-CLOUDSERVICES
it5-Cloud
Housing & Dining
H0us3ing
Health Care Information Systems
R7927HCib-211
HCIS-ICTS
UIHC-icts01
Facilities Management
FM-C1908
Department of Biology
U!-b1O
Computer Science
C01c3n$e
College of Public Health
rCoPh-7329i
College of Pharmacy
ph473
College of Medicine - PSYCHIATRY
Psych01-4
College of Engineering
Enginr!ng
College of Business
P4pa-J0hn!
CLAS-Administration
CL45-Admin
Chemistry
C-h3m!t
BUSINESS SERVICES ADMIN (MBSB)
bu5-Serv!

 

Make certain all fields on the form with the red asterisk are correctly filled out

4. Choose the type of Digital Certificate you need (certificate descriptions and restrictions below)
5. Fill in the Common Name (CN)
6. Choose the appropriate server OS
7. Select the validity period of the SSL
8. Paste in your 2048-bit CSR – Note: the interface will not accept any key lengths less than 2048-bit.
9. Enter  a pass-phrase (required to revoke the certificate)
10.Add in additional comments you would like to associate the certificate with (these will not be included in the certificate).
11. Select “Submit”

Once the request has been approved, the requestor will receive an e-mail with installation instructions.

NOTE: While most certificate requests are processed within 24 hours, we only guarantee a 72 hour turnaround time on requests. Therefore, it is imperative to plan accordingly. Digital Certificates will NOT be issued outside of normal business hours.

If you have questions or problems processing your request for a digital certificate using the steps described above, contact The Information Security and Policy Office or your DRAO to have them process the Certificate request on your behalf.
 

Available Digital Certificate Options:

Use the "(Customized for the University of Iowa)" certificate 'profile' or 'type'.

InCommon SSL (SHA-2) 1 to 2 year certs. Single fully qualified domain name certificate.
InCommon Multi Domain SSL (SHA-2) 1 to 2 year certs. Secures up to 100 different domain names on a single certificate.
InCommon Wildcard SSL Certificate (SHA-2) 1 to 2 year certs.

Secures the domain and unlimited sub-domains of that domain.  These must be preapproved by the ISPO.

InCommon Unified Communications Certificate (UCC) (SHA-2) 1 to 2 year certs. Subject Alternate Name certificate. Must be reissued each time you add a new host/domain name.
Extended Validation (EV) SSL/TLS 1 year certs. Extended Validation certificates provide the highest levels of encryption, security and trust and immediately reassure web site visitors that it is safe to conduct online transactions by turning the address bar green on next generation browsers.
Extended Validation Mutli Domain SSL 1 year certs.  
Client or S/MIME Certificate   Secure/Multipurpose Internet Mail Extensions (S/MIME) or Client certificates, used primarily to digitally sign or encrypt e-mail messages.

 

Secure/Multipurpose Internet Mail Extensions (S/MIME) or Client certificates, used primarily to digitally sign or encrypt e-mail messages.

 

Extended Validation (EV) Certificates

EV Certificates are available from Comodo through the University's Digital Certificate Service. Due to the nature of the validation, the process for obtaining an EV certificate is significantly longer approximately two-four weeks; so please plan ahead.

Requesting EV Certificates

Follow the instructions above to get to the online certificate request form then fill out all of the fields, making sure you select "Extended Validation (EV) SSL/TLS" in the drop down “Type” field, paste in the CSR and submit the form. Send an e-mail in to it-securtiy@uiowa.edu to have the ISPO complete the EV request process.
 

For more information about the InCommon Cert Service, click on one of the appropriate links below:

Instructions on how to generate a CSR, install and more visit:https://support.sectigo.com/Com_KnowledgeProductPage

Technical Support
Technical support and troubleshooting is being provided by Sectigo via email, a web ticketing system and telephone. Sectigo's web site includes a Knowledge Base and step-by-step troubleshooting guide.

Additional information can be found at https://www.incommon.org/certificates/support-for-certificates/



TLS Server Certificates FAQ | TLS Certificate Guidelines |